Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Active Directory Account Name Rule

NPY
New Contributor II
New Contributor II

‎01/16/2024 12:35 PM - edited ‎01/16/2024 02:08 PM

Hello,

Our Active Directory account name rule is currently based on username (which is concatenated based on first and last name eg. John Doe would be JDOE and incremented if there are multiple users with the same name). The issue we have currently is when there are multiple users with the same name (even though different username) AD account is not created because the CN is same in the DN.. Currently, our username is feeding SAM account name, email is feeding UPN and display name (which includes first and last name) is feeding CN. 

What is the recommended account name rule in this case? Would the following account name rule based on display name solve the issue of same CN and error in creating accounts with same names?

CN=${user.displayname},OU=Company,DC=Domain,DC=com###CN=${user.displayname + '1'},OU=Company,DC=Domain,DC=com###CN=${user.displayname + '2'},OU=Company,DC=Domain,DC=com###CN=${user.displayname + '3'},OU=Company,DC=Domain,DC=com

0 Kudos
3 REPLIES 3

Ishan
Saviynt Employee
Saviynt Employee

‎01/16/2024 02:39 PM

Hi @NPY ,

You can use the user's username in the account name rule in the AD Connection and concatenate numbers at the end like this:

CN=${user.username},OU=Company,DC=Domain,DC=com###CN=${user.username}1,OU=Company,DC=Domain,DC=com###CN=${user.username}2,OU=Company,DC=Domain,DC=com###CN=${user.username}3,OU=Company,DC=Domain,DC=com

 

Ishan Kamat
Technical Architect, Professional Services
SaviyntLogo.png

0 Kudos

NPY
New Contributor II
New Contributor II

‎01/16/2024 04:33 PM - edited ‎01/16/2024 04:58 PM

I am not sure if I understood properly. We need to have display name in CN. And, when we have the account name rule as you mentioned, would not that still have the issue of duplicate display name which is feeding CN in our case? To elaborate, for 2 users with John Doe as their display name, username could be JDOE and JDOE1 but the display name would still be John Doe for both of these users which would have CN=John Doe for both and would further prevent from creating account in AD due to duplicate CN. Please advise.

0 Kudos

Ishan
Saviynt Employee
Saviynt Employee

‎01/16/2024 04:57 PM

Yes you can use display name instead of username then and just append numbers at the end:

CN=${user.displayname},OU=Company,DC=Domain,DC=com###CN=${user.displayname}1,OU=Company,DC=Domain,DC=com###CN=${user.displayname}2,OU=Company,DC=Domain,DC=com###CN=${user.displayname}3,OU=Company,DC=Domain,DC=com

Ishan Kamat
Technical Architect, Professional Services
SaviyntLogo.png

0 Kudos
Copyright © 2024 Khoros, LLC