Tried generating dn and email for creating account in AD through birthright but upon testing with name change (firstname lastname) of the user the generator in both dn and email dont pick the new name and generate new dn

Tried generating dn and email for creating account in AD through birthright but upon testing with name change (firstname lastname) of the user the generator in both dn and email dont pick the new name and generate new dn and email so does that mean generator only triggers just once and then dont get triggger. if yes then what should be the workaround for this ? thanks

Hi Rakesh!

Welcome to the Developer Community

Yes , the Create Operation triggers only once and it obeys ‘Create Provisioning Policy’ .The case you are talking about is , Update scenario , where the user is already created and the user’s first name and last name are now changed .To reflect the changes of first name and last name you can sync attributes with AD .
If you wish to change the DN of the user in this case , this is a Modify Scenario .
We need to go with either cloud or connector rule , as ‘Provisioning Policy’ of MODIFY usage type cannot make changes to dN {native Identity}

Refer to Best Practices: Active Directory Account Moves - Compass for more information on the implementation

Thanks

can we apply a transform in prov policcy of AD will it help?

The answer is no , Rakesh.

Hi Rakesh,
I highly recommend having a manual process for name changes.
You also need to change the email, the UPN and the sAMAccountName, and you need to apply a uniqueness test.
Also, you may want to add a proxy email address to the account so the user can keep using the same email address. And then you are going to want to remove the proxy at a later date.
Its all too much for a automated process

hey so u mean we cant do anything for the name change in DN genrator??

You are right. We cannot use DN generator for Modifying .

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.