Modified samAccountName from BeforeCreate script not reflected in AfterCreate script

Hi everyone,

We are using an AD BeforeCreate PowerShell script to generate a new samAccountName. The script checks for uniqueness across certain OUs that are not managed by SailPoint. This BeforeCreate rule works fine—the AD account is created successfully with the newly generated samAccountName.

However, we also have an AfterCreate script that manages Exchange mailbox creation. The issue we’re facing is that the samAccountName in the AfterCreate script still shows the old value generated by SailPoint instead of the updated one from the BeforeCreate script. As a result, the mailbox creation fails.

Has anyone encountered this issue? How can we make the updated samAccountName from the BeforeCreate script available in the AfterCreate rule?

Thanks in advance!

Hi @baoussounda

After executing the before PowerShell, I would say retrieve the resultObject attribute with the new samAccountName. Based on that, hit Get-AdUser -Identity "samAccountName", then check that the result is not null.

If so, then execute the PowerShell for managing the Exchange mailbox with the new samAccountName.

Hi @baoussounda,

In the After Create rule, create a new variable and save the user DN value. After that, use the PS command below to get the user's sAMAccountName, and you can use that sAMAccountName in mailbox creation.

# -Identity takes the user's DN value, e.g. CN=testuser,OU=Users,DC=example,DC=com
Get-ADUser -Identity "CN=testuser,OU=Users,DC=example,DC=com" -Properties SamAccountName | Select-Object SamAccountName

Hi @baoussounda,

Please try retrieving the AD account using an alternative attribute, such as DN or employeeNumber.
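
The lookup the replies above describe (fetch the account by DN, confirm the result is not null, then use the sAMAccountName that AD actually holds), as an added example that is not code from the thread or from SailPoint. The helper name `Resolve-SamAccountName`, its parameters and the retry loop are assumptions of this example; the retry only covers the case where the new account is not yet visible on the domain controller being queried.

```powershell
# Added example, not from the thread. Assumes the RSAT ActiveDirectory module is
# installed and that the AfterCreate script already has the new account's DN.
Import-Module ActiveDirectory

function Resolve-SamAccountName {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$DistinguishedName,
        [string]$Server,            # optional: query one specific domain controller
        [int]$MaxAttempts = 5,      # assumption: a few retries are enough
        [int]$DelaySeconds = 3
    )

    $query = @{
        Identity    = $DistinguishedName
        Properties  = 'SamAccountName'
        ErrorAction = 'Stop'        # turn "not found" into a catchable exception
    }
    if ($Server) { $query.Server = $Server }

    for ($i = 1; $i -le $MaxAttempts; $i++) {
        try {
            $user = Get-ADUser @query
            # Null check suggested in the first reply
            if ($null -ne $user -and $user.SamAccountName) {
                return $user.SamAccountName
            }
        }
        catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
            # Account not visible on this DC yet; fall through and retry
        }
        if ($i -lt $MaxAttempts) { Start-Sleep -Seconds $DelaySeconds }
    }
    throw "No AD user with a sAMAccountName found at '$DistinguishedName'"
}

# Sample DN taken from the reply above; replace with the DN saved in the rule.
$dn  = 'CN=testuser,OU=Users,DC=example,DC=com'
$sam = Resolve-SamAccountName -DistinguishedName $dn

# Use $sam (the value read back from AD), not the samAccountName carried in the
# original provisioning request, for the Exchange mailbox step that follows.
Write-Output "Resolved sAMAccountName: $sam"
```

Because the function throws when nothing is found, the mailbox step never runs against a stale or missing identity.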