Adaxes

Set UPN suffix within business rule

0 votes

Is there a way to set a users' UPN Suffix within a business rule (PS script)? I've seen the script to update the suffix based on OU, but our OU structure doesn't support this option.

I need to be able to change a users' UPN suffix to either match the domain portion of their primary email address, or to apply a particular UPN suffix based on department. Either method works.

by (50 points)
0

Hello,

To help us better understand your needs, can you answer the following questions:

  1. Do you need to update the suffix for existing users, when creating new ones or both?
  2. Is the value of the Department property present in the UPN suffix? Can you give an example?
  3. How many UPN suffixes do you have, at least approximately?
by (289k points)
0

Do you need to update the suffix for existing users, when creating new ones or both?

It is for new users, but they're not created by Adaxes. Our HR application creates (via boomi) a disabled 'shell' user account for a new hire. Our service desk then have a "provision user" option in the web console (modify user) they then set a few options/attributes and clear the disabled check box, which triggers a provisioning business rule on save.

At the moment we set primary email addresses via a really ugly set of logic in the business rule. It would be a lot tidier to generate a UPN in a script, then add primary email address as %userPrincipalName%

Is the value of the Department property present in the UPN suffix? Can you give an example?

it's not a direct 1:1 mapping for the Depts / UPNs. We have a number of 'agencies' (trading names), which have agency-based email addresses, and back-office roles like HR / IT / Finance use a number of group addresses. The 'department' value wouldn't always match (or even contain) the text value of the UPN suffix, so I think a mapping table would be needed (Powershell switch function or CSV maybe?)...

Dept / Suffix:
Group Board - @groupname.com
Group HR - @subsidiary.com
Group IT - @subsidiary.com
Agency1 - @agency1.com
Agency2 - @abc-global.com

How many UPN suffixes do you have, at least approximately?

There are around 25 UPN Suffixes / email domains, and 60 depts

by (50 points)
0

Hello,

This can be done using a PowerShell script. We'll update the topic as soon as it is ready.

by (289k points)
0

Any updates to this?

by (50 points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello Steve,

Sorry for a delayed reply. See the script that will allow you to accomplish your task in our Script Repository: http://www.adaxes.com/script-repository ... y-s449.htm. To assign correct UPN suffixes, you will need to create a Business Rule that runs the script after creating a user.

0

working great, thank you! :)

by (50 points)

Related questions

0 votes
1 answer
How do I set a default UPN suffix for user creation?

Hi, I want to change the default UPN suffix for user creation. We only have a single UPN suffix we use at our organization however when we create a user using the web ... We only ever want to use the @mycompany.com so a list of options isn't requried.

asked Jun 29, 2022 by PeterG (40 points)
0 votes
1 answer
Connect to a Azure kevault fail fails from within a business rule on Connect-AzAccount -Identity ,

Hi, I need to retreive a secret from a Azure Keyvault in a business rule. I have a powershell script that works if i run a external command. But it fails if ... at <ScriptBlock>, <No file>: line 20 Any sugestion? Kind regards Reidar Dick-Henriksen

asked Dec 6, 2023 by reidardh (20 points)
0 votes
1 answer
Does a form (custom command) trigger a business rule that is set to "after updating a user"?

We currently have a form for HR to deal with ex-employees that are hired once more, but it's not much more than automatic emails sent to IT. If I add some actions ... this trigger the business rule we have that targets "After updating a user" ? Thanks, Louis

asked Oct 18, 2022 by lw.fa (130 points)
0 votes
1 answer
Business Rule to set Account Expires to 5 pm

Hello, I'd like the change the behavior of the account expires field from end of the day meaning 12am the next day to a specific time on the date specified. Example 5pm on ... got the idea from here: https://mikefrobbins.com/2013/12/12/set ... owershell/

asked Jul 31, 2019 by polley (1.2k points)
0 votes
1 answer
Modifying UPN suffix for specific employee Types

Working within a DoD environment all interactive user accounts are required to have an @mil suffix. Within the application though I am unable to make the required change to anything ... environment? The employee types consist of CTR, SVR, WKS, ADMIN, and APP.

asked May 13, 2019 by jason.d.jones (100 points)
3,548 questions
3,239 answers
8,232 comments
547,814 users