Set nativeIdentity in BeforeCreate Rule

tamalika01 · October 23, 2024, 2:59pm

Dear Experts,

Is it possible to update the nativeIdentity in the BeforeCreate rule for AD?
I am trying to generate a new login name for the user which will be the CN & sAMAccountName. I am able to add the new sAMAccountName to the $requestObject, but i’m unable to update the nativeIdentity. Here is my script:

||$span = AZZ    |
|---|---|
||$newName = Generate-NextName -span $span  --> This generates the next value - BAA  |
||LogToFile(PS Script>>>>>> New name: $newName)    |
||#Add sAMAccountNAme to the requestObject    |
||$attrsAMAccountName = New-Object SailPoint.Utils.objects.AttributeRequest;    |
||$attrsAMAccountName.Name = sAMAccountName;    |
||$attrsAMAccountName.value= QI+$newName;    |
||$attrsAMAccountName.Operation = Add;    |
||$requestObject.AttributeRequests.Add($attrsAMAccountName);    |
||$dn = CN=+QI+$newName+,OU=Users,OU=XXXXX,OU=LXS Objects Test,DC=ad,DC=XXXX,DC=com; |
||$requestObject.nativeIdentity.Set($dn);   --> this method nativeIdentity.Set does not exist |
||$ModifiedRequestObjectXml=$requestObject.toXml();|

$requestObject.nativeIdentity.Set($dn); – this is wrong. Is there any documentation where i can find the availbale metods? I just tried to guess and used $requestObject.nativeIdentity.Set($dn) but this metod does not exist.
Any ideas?

Thanks in advance!

ipobeidi · October 23, 2024, 3:40pm

No, if you want to do a NameChange and need to update d the object name . you need to use a Powershell for that.

tamalika01 · October 24, 2024, 11:39am

Thanks, I was able to do it:

$requestObject.nativeIdentity = "CN="+$custom_loginPrefixExt+$newName+",OU=Users,OU=XXXX,OU=LXS Objects Test,DC=ad,DC=XXXXX,DC=com"

MVKR7T · October 24, 2024, 12:04pm

I would like to take a step back and ask you why not handle that in Provisioning Policy form itself, why to depend on Native Rules ?

tamalika01 · October 24, 2024, 1:04pm

There is the possibility of that in IDN too?

MVKR7T · October 24, 2024, 1:20pm

Yes, there are lot of things you can do in IDN but in a different way if you are referring to IIQ.

What is your requirement ?

udayputta · October 24, 2024, 1:41pm

I think you are trying to move the user from one OU to another. For this you can find the example at this post. There is sample rule you may use it and leverage some of the logic which you want

https://community.sailpoint.com/t5/IdentityNow-Forum/IdentityNow-Mock-Project-Services-Standard-BeforeProvisioning/td-p/216158

tamalika01 · October 29, 2024, 3:56pm

Hi @udayputta , No I was trying to generate the same CN as the sAMAccountNAme. The following worked for me in the BeforeCreate rule:

Topic		Replies	Views
Update AttributeRequest in the BeforeCreate Rule ISC Discussion and Questions identity-security-cloud	5	73	October 28, 2024
BeforeCreate script not returning updated XML AccountRequest correctly ISC Discussion and Questions rules , identity-security-cloud , provisioning	7	44	November 11, 2024
How to modify account request attributes in connector execution rule ISC Discussion and Questions identity-security-cloud , provisioning	13	1014	November 7, 2023
Aggregate account on AD after successful account creation ISC Discussion and Questions identity-security-cloud , accounts	15	77	November 11, 2024
How to change attribute "nativeIdentity" on a users Identity using Postman? ISC Discussion and Questions identity-security-cloud , attributes	6	475	May 18, 2024

Set nativeIdentity in BeforeCreate Rule

Related topics