DN generation in SailPoint Identity Now

Smera_Ausnet · April 11, 2025, 2:00am

Hi,

I am looking for support in finding the DN generation rule/transform used in the client Prod environment. I do not see any mapping or transforms in the environment for DN, but the DN generation works fine. The username generator rule that I see has only UserID and Email generation code. If the DN generation is a different rule, I should see some references about it somewhere. The only reference I could find is for the OU to place used object in one of the rules. But the “CN = FN LN” format should be defined somewhere for it to place the user in the OU. Is there any other place which I am missing to check?

I am working on a display name customization and want to ensure that there is no impact to the DN generation flow.

Thanks,
Smera Rajendran

officialamitguptaa · April 11, 2025, 4:22am

@Smera_Ausnet -

There are multiple ways to check -

Go to Sources–> Your AD Application → Create Account and check for Distinguish Name.

2 . Use Sailpoint REST API to see the CREATE Provisioning POLICY form for Active Directory. You can use the below API -

Let me know if it helps.

Thank you!

Smera_Ausnet · April 11, 2025, 4:59am

Hi Amit,

Thank you. It helped. The configuration was inside the provisioning policy.

Thanks,
Smera Rajendran