
Issue with DN/sAMAccountName generation during multiple AD accounts creation in different OUs

BalajiE
New Contributor

Hi Team,


We have a requirement to provision multiple accounts in different OUs in Active Directory for the same user. Under OU=AdminAccounts,OU=People we have different sub-OUs, as below.

[screenshot of the sub-OU structure]

ACCOUNTNAMERULE :  CN=${'admin' + user.customproperty42 + ',OU=' + AdminAccType + ',OU=AdminAccounts,OU=People,DC=XXX'}###CN=${'admin' + user.customproperty42 + '01' +',OU=' + AdminAccType + ',OU=AdminAccounts,OU=People,DC=XXX'}

Note: AdminAccType is a dynamic attribute, user can select any one sub OU (Backup Admins, Beacon Admins, DevOPS Admins)

CHECKFORUNIQUE:  {
"userPrincipalName":"${'admin'+user.customproperty42}###${'admin'+user.customproperty42}01",
"sAMAccountName":"${'admin'+user.customproperty42}###${'admin'+user.customproperty42}01"
}

We are able to create the first user account in any OU successfully, but for the second account it causes an issue with the sAMAccountName.


Scenario 1: User ABC has a first account under OU=Backup Admins with cp42 value ABC, as per the rules mentioned above.

DN ---> CN=adminABC,OU=Backup Admins,OU=AdminAccounts,OU=People

sAMAccountName  ---> adminABC

If the same user raises a 2nd AD account request under OU=Beacon Admins, creation of the second account fails with the rules mentioned above.

As the DN value is a combination of the CN value and the OU, in this case AccountNameRule again evaluates to the first condition (without 01) because OU=Beacon is a different value, while the sAMAccountName rule evaluates to the second condition as the sAMAccountName already exists.

DN ---> CN=adminABC,OU=Beacon Admins,OU=AdminAccounts,OU=People

sAMAccountName  ---> adminABC01

Due to the difference in the CN and sAMAccountName values, it fails to execute. Is there any way to pass the same value for the DN and sAMAccountName in these scenarios?

Can you please update on this? Is there any approach to achieve this?

[This message has been edited by moderator to merge reply comment]
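The mismatch described in the question above can be reproduced outside of any product. The following Python is an added illustration, not the poster's configuration and not Saviynt's own rule-evaluation code: it expands the two `###` candidates from the post into (DN, sAMAccountName) pairs, then contrasts picking each value independently (the behaviour the poster observes) with picking the first candidate index at which both values are unique at once. The base DN, the "existing directory" sets and the scenario values are constructed from the post; the uniqueness scopes it models (RDN unique within its container, sAMAccountName unique across the domain) are standard Active Directory rules.

```python
"""Constructed simulation of the two-candidate account-name rules in the
question above. This is added example code, not Saviynt's evaluation logic;
it only models the CN/sAMAccountName mismatch the poster describes and one
consistent alternative."""

BASE = "OU=AdminAccounts,OU=People,DC=XXX"  # base DN taken from the post's rules

# Constructed "directory state" after scenario 1 (first account created).
# In AD an RDN (CN) only has to be unique inside its container, while
# sAMAccountName has to be unique across the whole domain.
EXISTING_DNS = {"CN=adminABC,OU=Backup Admins," + BASE}
EXISTING_SAM = {"adminABC"}


def candidates(cp42, admin_acc_type):
    """Expand the '###'-separated rule into an ordered list of
    (DN, sAMAccountName) pairs, mirroring ACCOUNTNAMERULE and CHECKFORUNIQUE."""
    base_name = "admin" + cp42
    pairs = []
    for suffix in ("", "01"):  # the two alternatives the post's rules define
        dn = f"CN={base_name}{suffix},OU={admin_acc_type},{BASE}"
        pairs.append((dn, base_name + suffix))
    return pairs


def independent_selection(cp42, admin_acc_type, existing_dns, existing_sam):
    """Pick the first unique DN and the first unique sAMAccountName separately.
    Because the DN is scoped to the OU and the sAMAccountName to the domain,
    the two choices can disagree, which is the failure the poster sees."""
    pairs = candidates(cp42, admin_acc_type)
    dn = next(d for d, _ in pairs if d not in existing_dns)
    sam = next(s for _, s in pairs if s not in existing_sam)
    return dn, sam


def joint_selection(cp42, admin_acc_type, existing_dns, existing_sam):
    """Pick the first candidate index at which BOTH values are unique, so the
    CN and the sAMAccountName always come from the same suffix."""
    for dn, sam in candidates(cp42, admin_acc_type):
        if dn not in existing_dns and sam not in existing_sam:
            return dn, sam
    raise ValueError("all candidate names are already taken")


def cn_of(dn):
    """Return the CN value of an RDN-first DN string."""
    return dn.split(",", 1)[0].removeprefix("CN=")


def is_consistent(dn, sam):
    """True when the CN in the DN equals the sAMAccountName."""
    return cn_of(dn) == sam


if __name__ == "__main__":
    # Scenario 2 from the post: second account for the same user, different OU.
    dn, sam = independent_selection("ABC", "Beacon Admins", EXISTING_DNS, EXISTING_SAM)
    print("independent:", dn, sam, "consistent:", is_consistent(dn, sam))
    dn, sam = joint_selection("ABC", "Beacon Admins", EXISTING_DNS, EXISTING_SAM)
    print("joint:      ", dn, sam, "consistent:", is_consistent(dn, sam))
```

Run as a script, the independent selection yields `CN=adminABC,...,OU=Beacon Admins` paired with `adminABC01`, exactly the inconsistent pair in the question, while the joint selection yields `CN=adminABC01` with `adminABC01`. The point for anyone writing such rules is that uniqueness checks with different scopes must be evaluated together, or the sAMAccountName candidate must be derived from the CN that was actually chosen.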

2 REPLIES

Dhruv_S
Saviynt Employee

Is it possible to test this by creating it in LDAP/AD directly from an LDAP browser and seeing if such a scenario is accepted by AD itself?

If it doesn't work in AD, then it will not work from the Connector either.

NM
Honored Contributor

What is the base DN in the connection?

Can you share logs?