I am trying to generate a new sAMAccountName in the BeforeCreate rule and adding it to the $requestObject. The value gets added successfully and I am also able to see it in the logs. However, when the AD account gets created, it does not take the new value but the old value present in the plan.
Am I missing anything?
Here are my lines of code:
```powershell
# Add sAMAccountName to the requestObject
$attrsAMAccountName = New-Object SailPoint.Utils.objects.AttributeRequest;
$attrsAMAccountName.Name = "sAMAccountName";
$attrsAMAccountName.value = "QI" + $newName;
$attrsAMAccountName.Operation = "Add";
$requestObject.AttributeRequests.Add($attrsAMAccountName);
```
And it is also present when I am printing it in the logs:
Is $requestObject the variable where you retrieve the account requests from plan using “plan.getAccountRequests”?
If yes, then you might need to remove the existing sam account name attribute request from the plan and then add this new sam account name attribute request.
Hi @tamalika01,
Please check once; it may work for you.
$attrsAMAccountName.Operation = "Add";
Instead of "Add", you might need to use "Set" if the attribute already exists.
Yes indeed, but since our name generation logic is a bit complex and requires frequent testing, we opted not to go with a Cloud rule, as then we would need the assistance of SailPoint to upload it.
Then there was the option of the nativeRules, which are connector rules and will be managed from our side - that's why we opted for the BeforeCreate rule.
Hi @mohammedfavazhrb @Abhishek_1995, thanks for your responses. I was missing the last line to pass on the request object as args.
The logic to generate the sAMAccountName is, for example, AAA, AAB, AAC…AAZ, ABA,… and so on, with a prefix QI for internals and QV for externals. So a sample sAMAccountName for an internal user would be QIHGK and for an external would be QVLOP. We are storing the prefixes and the last generated values in the application object.
Here is the working script now if anyone requires it:
```powershell
#Read properties
$custom_loginPrefixInt = $appObject.custom_loginPrefixInt
LogToFile("PS Script>>>>>> custom_loginPrefixInt is: $custom_loginPrefixInt")
$custom_loginPrefixExt = $appObject.custom_loginPrefixExt
LogToFile("PS Script>>>>>> custom_loginPrefixExt is: $custom_loginPrefixExt")
$custom_lastLoginInt = $appObject.custom_lastLoginInt
LogToFile("PS Script>>>>>> custom_lastLoginInt is: $custom_lastLoginInt")
$custom_lastLoginExt = $appObject.custom_lastLoginExt
LogToFile("PS Script>>>>>> custom_lastLoginExt is: $custom_lastLoginExt")

if ($enableDebug) {
    #LogToFile("PS Script>>>>>> Request as XML object is: $requestAsString")
    #LogToFile("PS Script>>>>>> Result as XML object is: $resultAsString")
}

#Call the client script
# Add a new attribute to request
# Write the request xml to file at the path passed as argument
function Generate-NextName {
    param (
        [string]$span
    )
    $previousPrefix = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    $login = ""
    try {
        $digits = $span.ToCharArray()
        for ($i = $digits.Length - 1; $i -ge 0; --$i) {
            if ($digits[$i] -eq 'Z') {
                $digits[$i] = 'A'
            } else {
                $digits[$i] = [char]([int][char]$digits[$i] + 1)
                break
            }
        }
        return -join $digits
    } catch {
        Write-Error "ERROR in method: Generate-NextName: $_"
    }
}

# Example usage
$span = $custom_lastLoginExt
$newName = Generate-NextName -span $span
LogToFile("PS Script>>>>>> New name: $newName")

$attrsAMAccountName = New-Object SailPoint.Utils.objects.AttributeRequest;
$attrsAMAccountName.Name = "sAMAccountName";
$attrsAMAccountName.value = $custom_loginPrefixExt + $newName;
$attrsAMAccountName.Operation = "Add";
$requestObject.AttributeRequests.Add($attrsAMAccountName);
$requestObject.nativeIdentity = "CN=" + $custom_loginPrefixExt + $newName + ",OU=TestUser,OU=Users,OU=XXXXX,OU=LXS Objects Test,DC=ad,DC=lanxess,DC=com"

#$ModifiedRequestObjectXml=$requestObject.toxml();
#LogToFile("PS Script>>>>>> New ModifiedRequestObjectXml: $ModifiedRequestObjectXml")
LogToFile("PS Script>>>>>> Request object modified successfully")
$requestObject.toxml() | out-file $args[0];
```
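
An added example, not part of the original posts or of SailPoint's code: a stricter version of the counter increment described in this thread. It validates the stored value, refuses to wrap from all-Z back to all-A (the posted loop returns AAA for ZZZ, which would reissue an already used sAMAccountName), and checks the 20-character sAMAccountName limit. The function names `Get-NextLoginSuffix` and `New-LoginName` and the sample values are assumptions made for illustration.

```powershell
# Added example; function and parameter names are hypothetical.
function Get-NextLoginSuffix {
    param (
        [Parameter(Mandatory)]
        [string]$Last
    )
    # Accept only upper-case A-Z so a corrupted stored counter is caught early
    # and the result is safe to concatenate into a CN / distinguished name.
    if ($Last -cnotmatch '^[A-Z]+$') {
        throw "Stored counter '$Last' is not an upper-case A-Z string"
    }
    $chars = $Last.ToCharArray()
    for ($i = $chars.Length - 1; $i -ge 0; $i--) {
        if ($chars[$i] -ceq [char]'Z') {
            $chars[$i] = [char]'A'   # carry into the next position to the left
        } else {
            $chars[$i] = [char]([int]$chars[$i] + 1)
            return -join $chars
        }
    }
    # Every position was 'Z': wrapping would reissue the first name ever generated.
    throw "Counter '$Last' is exhausted; refusing to wrap around"
}

function New-LoginName {
    param (
        [Parameter(Mandatory)][string]$Prefix,
        [Parameter(Mandatory)][string]$Last
    )
    $name = $Prefix + (Get-NextLoginSuffix -Last $Last)
    # sAMAccountName on user objects is limited to 20 characters.
    if ($name.Length -gt 20) {
        throw "Generated name '$name' exceeds 20 characters"
    }
    return $name
}

# Constructed sample values, mirroring the QI/QV prefixes from the thread.
New-LoginName -Prefix 'QI' -Last 'HGJ'
New-LoginName -Prefix 'QV' -Last 'AAZ'
try {
    New-LoginName -Prefix 'QV' -Last 'ZZZ'
} catch {
    Write-Warning $_.Exception.Message
}
```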