I am working on project where a customer wants a transform that builds an AD DN path dynamically based on department, region, and title. How do you approach this?

MS62 · March 12, 2026, 9:40am

I have already checked the document but unable to find the resolution

MS62 · March 12, 2026, 9:56am

Hi Pankaj,
Thanks for quick respose.

suraj_gorle · March 12, 2026, 10:20am

Please create an identity attribute and apply the below transform. This attribute can then be used as a variable in the Create Account configuration for Active Directory (AD).

Transform:

{
  "name": "DN Build",
  "type": "Concat",
  "attributes": {
    "values": [
      "CN=",
      {
        "type": "accountAttribute",
        "attributes": {
          "attributeName": "Display Name",
          "sourceName": "XYZ"
        }
      },
      ",OU=",
      {
        "type": "accountAttribute",
        "attributes": {
          "attributeName": "Department",
          "sourceName": "XYZ"
        }
      },
      ",OU=",
      {
        "type": "accountAttribute",
        "attributes": {
          "attributeName": "Region",
          "sourceName": "XYZ"
        }
      },
      ",OU=",
      {
        "type": "accountAttribute",
        "attributes": {
          "attributeName": "Title",
          "sourceName": "XYZ"
        }
      },
      ",DC=ab,DC=com"
    ]
  }
}

Once created, reference this identity attribute as a variable in the Create Account tab for AD.

If uniqueness is required, use the following naming pattern:

CN=$(firstname).$(lastname)$(uniqueCounter),$(variableName)

In this case:

Remove “CN=” from the transform.
Pass firstname and lastname in the Create Account configuration.
The uniqueCounter will ensure the CN value remains unique.

Please let me know if any clarification is required.

Thanks.

j_place · March 12, 2026, 10:23am

HI @Pankaj_IAM_SailPoint Surely this can be done via a Transform rather than a Rule?

j_place · March 12, 2026, 10:26am

Hi @suraj_gorle Why an Identity Attribute, when this Transform could be applied on the Account Create profile? It’s best practive to only create additional Identity Attributes when absolutely necessary. Also, an Identity attribute would restrict functionality in terms of renames and moves.

suraj_gorle · March 12, 2026, 10:40am

Hi @j_place ,

This is well Noted. Could you please confirm whether the generator can be used directly within the custom transform incase of uniqueness check ?

j_place · March 12, 2026, 10:45am

Thanks @Pankaj_IAM_SailPoint That’s exactly my point, but you specifically recommended a Rule above and your post has been marked as the solution.

j_place · March 12, 2026, 10:47am

Hi @suraj_gorle I’m not sure what you mean by “custom” transform, but obviously uniqueness checks can be performed on the target system using Create Unique Account ID generator

suraj_gorle · March 12, 2026, 10:54am

Hi @j_place When we will attached transform in create account profile so that attribute is shown as custom transform.

Can we use generator in transform for checking uniqueness ?

Topic		Replies	Views
Need a TRANSFORM that can create user dn(employees and contractor) in different OU in ACTIVE dIRECTORY as per their unique id attribute ISC Discussion and Questions identity-security-cloud	11	161	May 12, 2025
Getting a transform for AD Samaccountname ISC Discussion and Questions transforms , rules , identity-security-cloud , provisioning	2	109	April 18, 2025
Active Directory DistinguishedName Generation in Create Profile ISC Discussion and Questions transforms , identity-security-cloud	11	781	August 9, 2024
Unique Account Attribute Generation with Future Edit functionality ISC Discussion and Questions transforms , identity-security-cloud , provisioning	7	61	March 15, 2026
Getting error during create account for AD ISC Discussion and Questions transforms , identity-security-cloud , provisioning	11	881	June 21, 2024

I am working on project where a customer wants a transform that builds an AD DN path dynamically based on department, region, and title. How do you approach this?

Related topics