Need a TRANSFORM that can create user dn(employees and contractor) in different OU in ACTIVE dIRECTORY as per their unique id attribute

Rakesh_Singh_1234 · March 11, 2025, 4:26pm

hey guys,

I want to create the TRANSFORM that can create the users (employees and contractors) in different OUs in AD in create AD that are coming from different sources (workday for emp and beeline for contracotrs) .

1) Workday (For Employees) :

if the attrbute "unique_id = M001,M002,M003 then create the user in ou=employees

and if unique_id = M008 THEN make user in OU = CNTRACTORS LIKE THIS
CN=$(lastname),$(firstname)(initialoffirstname),OU=Contractors,OU= Users,DC=XYZ ,DC=com

2) Beeline : (for contractors)

if the attribute master id = M001,M002,M003,M004 for the user then make the account in OU = contractor like below

Kindly give me full logic OF TRANSFORM and kindly give me the logic as well to create CN like this CN=$(lastname),$(firstname)(initialoffirstname),

thanks

vkashat · March 11, 2025, 4:48pm

For the DN, you likely won’t be able to accomplish this with a transform, you’ll need a cloud rule:

Account Profile Attribute Generator | SailPoint Developer Community

For CN, you can use a pattern similar to what you have above, but you’ll likely need to create an identity attribute to store the first initial and add that to the template.

Rakesh_Singh_1234 · March 11, 2025, 5:07pm

BUT WE need the user CN like this with backslash and , and after that firstinitial in brackets

suresh4iam · March 12, 2025, 12:51pm

Map the unique_Id to userCode identity attribute in Workday Identity Profile
Map the master_Id to userCode identity attribute in Beeline Identity Profile
Create another identity attribute calculatedOu
Create a different transform in each identity profile to calculate the OU

{
        "name": "AD OU Calculation",
        "type": "lookup",
        "attributes": {
            "input": {
                "attributes": {
                    "values": [
                        {
                            "attributes": {
                                "name": "userCode"
                            },
                            "type": "identityAttribute"
                        },
                        "none"
                    ]
                },
                "type": "firstValid"
            },
            "table": {
                "default": "ou=default,DC=xyz,DC=com",
                "M001": "ou=employees,DC=xyz,DC=com",
                "M002": "ou=employees,DC=xyz,DC=com",
				"M008": "ou=Contractors,DC=xyz,DC=com",
				"none": "ou=default,DC=xyz,DC=com"
            }
        },
        "internal": false
    }

Map the transform to calculatedOu
Refer the calculatedOu in Provisioning plan to set the OU
Similarly, you can either create one more identity attribute to concatenate the firstName and initial with brackets or do it in the create profile. Refer (Concatenation | SailPoint Developer Community) or (Static | SailPoint Developer Community)

This is one way of doing it, but not limited. So you can explore other ways based on your need.

Rakesh_Singh_1234 · March 12, 2025, 1:56pm

thanks for the response @suresh4iam i have one doubt
3, Create another identity attribute calculatedOu . is this attribute we need to make in both identity prifiles as well ? (wd and beeline) and after creating this calcultedou attribute do we need to map it with userCode AND THEN apply transform ?

Santhakumar · March 12, 2025, 4:12pm

Create the attribute in any one of the Identiy profiles it will be populated to another then you can apply the transforms.

Rakesh_Singh_1234 · March 12, 2025, 4:22pm

ok but on which attrobute we have to select one attribute as well from source to map right ?

suresh4iam · March 12, 2025, 9:01pm

is this attribute we need to make in both identity prifiles as well ?
Creating an identity attribute in one identity profile will automatically shows in other identity profiles.

do we need to map it with userCode AND THEN apply transform ? Yes, but it doesn’t have any impact since the input is taken from transform itself.

suresh4iam · March 12, 2025, 9:06pm

Mapping in Workday:
Identity Attribute: userCode
Source: Workday Account attribute: unique_id
Identity attribute: calculatedOU
Source: Workday Account Attribute: unique_id Transform: OU calculation
Mapping in Beeline:
Identity Attribute: userCode
Source: Beeline Account attribute: master_id
Identity attribute: calculatedOU
Source: Workday Account Attribute: master_id Transform: OU calculation

Hope this gives you a clear idea.

Rakesh_Singh_1234 · March 13, 2025, 9:31am

thanks a lot @suresh4iam its working as expected one more thing i just need to append my displayName attribute at prefix in the OU as CN so that the output shud be CN=(DISPLAYNAME),ou=employees,DC=xyz,DC=com" CAN WE ACHIVE THIS IN SAME LOGIC ?

suresh4iam · March 13, 2025, 1:25pm

Yes, you can.

Also please mark the reply as a solution which helped you to resolve the issue.

system · May 12, 2025, 1:26pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Mover - Update DN in AD ISC Discussion and Questions aggregation , identity-security-cloud , provisioning	13	315	April 27, 2025
How to Add OU Attribute to Active Directory Accounts in Sailpoint ISC? ISC Discussion and Questions identity-security-cloud	13	255	March 23, 2025
Error while generating unique distinguishedName for AD Provisioning in SailPoint ISC ISC Discussion and Questions transforms , identity-security-cloud , provisioning	10	150	April 15, 2025
Having issue with the manager dn transform that fetch AD DN of user's manager ISC Discussion and Questions identity-security-cloud	16	102	May 10, 2025
Any transform logic to set uid attribute with increment number(firstname's first letter.lastname.incrementnumber) ISC Discussion and Questions identity-security-cloud	12	103	March 10, 2025

Need a TRANSFORM that can create user dn(employees and contractor) in different OU in ACTIVE dIRECTORY as per their unique id attribute

Related topics