I am trying to implement a transform to provision UserPrincipalName to Active Directory.
However, we have a requirement to check for duplicate accounts, like so:
If the account UPN is already used in AD, we should take the second letter of the sn, append it to givenName, and then add @domainName to it. Example:
For John Doe, if there is a John Doedy, the first account to get created would be JohnDoe@domain and the second account would be JohnDo@domain.
However, I have no clue how to check whether it is a duplicate in AD, as it is a transform. Do you have any idea how to code this?
For this specific approach, you can use an account profile generator rule, which allows you to simulate your requirement easily and check for duplicate values.
I see that it is a cloud rule. Do we need to ask support to import it? If yes, we can’t do that, because the client wants only transforms to be used.
@DivyaL_7 The thing is, transforms in SailPoint are great for formatting and combining data, like stitching together first name and last name, performing data manipulation, etc., but they’re not built to check if a UPN already exists in Active Directory. That kind of real-time validation just isn’t something transforms can do.
To pull off what you’re describing, where the system checks for duplicates and then tweaks the UPN by adding the second letter of the surname, you’d need to use a cloud rule, specifically an Account Profile Attribute Generator. That rule gives you access to SailPoint’s backend Java classes and methods and lets you write custom code to check existing accounts and generate a unique UPN accordingly.
Now, if your client isn’t open to using cloud rules, the only workaround within transforms is to use the uniqueCounter transform. It doesn’t check AD for duplicates, but it does add a number to the end of the UPN to help avoid collisions. So instead of JohnDoe@domain.com, you’d get JohnDoe1@domain.com, JohnDoe2@domain.com, and so on. It’s not as elegant as your second letter approach, but it’s the best option if you’re limited to transforms.
Bottom line: transforms are great for shaping data, but not for checking uniqueness during runtime. For that, you’ll need a cloud rule or settle for the uniqueCounter-based workaround.