How can I generate user ID's with sequential numbers

Question

Hello,

Is it possible with a script to generate a username with a sequential number affixed? Such as first initial, last initial and a sequential 5 digiit number starting at 1001?

I saw the script for using a business rule and sequential number script but I am unsure how Adaxes stores the last number used.

Thanks!

Comments

Hello,

Please, clarify whether we understand correctly that the value of the userPrincipalName property should have the prefix (the part before the @ character) that includes the sequential number. If you have additional requirements, please, describe them in all the possible details.

I saw the script for using a business rule and sequential number script but I am unsure how Adaxes stores the last number used.

As far as we understand, you mean the script from this repository article: https://www.adaxes.com/script-repository/generate-sequential-property-values-s494.htm. This script stores the last used number in the custom integer attribute of the domain object whose distinguished name is specified in the $domainDN variable.

---

Yes that was the script I found. The goal would be to have a sequential # in the userID itself for SAMAccountName/UPN (Matching)

So the username would be XX10000@domain.com, the next user would be YY10001@domain.com etc. I would need to keep track of the last number incremented for the next new user to use. The letters will always be first and last initial followed by this sequential number but I am unsure how to store the last number used.

Answer 1

Hello,

Thank you for specifying. We adjusted the script from the repository article to meet your needs, please, find it below. It must be executed in a business rule triggering Before creating a user. The script generates values that start with the first letters of the first and last names of the created user and a sequential number. The script then updates the userPrincipalName and the sAMAccountName properties with the generated value. The last used number is then saved to the custom integer attribute of the domain whose distinguished name is specified in the $domainDN script variable.

$numberProperty = "adm-CustomAttributeInt1" # TODO: modify me
$domainDN = "DC=domain,DC=com" # TODO: modify me
$valueFormat = "%firstname,1%%lastname,1%{0:00000}" # TODO: modify me
$initialNumber = 10000 # TODO: modify me
$maxNumber = 19999 # TODO: modify me

function IsValueNotUnique($criteria)
{
    $searcher = $Context.TargetObject
    $searcher.Criteria = $criteria
    $searcher.SizeLimit = 1
    $searcher.VirtualRoot = $True

    try
    {
        $searchResultIterator = $searcher.ExecuteSearch()
        $searchResults = $searchResultIterator.FetchAll()

        return $searchResults.Length -eq 1
    }
    finally
    {
        # Release resources
        if ($searchResultIterator){ $searchResultIterator.Dispose() }
    }
}

# Get the number stored in domain property.
$domain = $Context.BindToObjectByDN($domainDN)

try
{
    $number = [int]($domain.Get($numberProperty))
    $number++
}
catch
{
    # Use the initial number
    $number = $initialNumber
}

# Build value
$uniqueValue = [System.String]::Format($valueFormat, $number)

do
{
    if ($number -gt [int]$maxNumber)
    {
        $Context.Cancel("Cannot generate a new value for $propertyName because the maximum `
                allowed object number has been reached. Contact your system administrator.")
        return
    }

    $upn = $Context.GetModifiedPropertyValue("userPrincipalName")
    $newUpn = $uniqueValue + $upn.SubString($upn.IndexOf("@"))

    $criteria = New-AdmCriteria -Type "User" -Expression {(userPrincipalName -eq $newUpn) -or (sAMAccountName -eq $uniqueValue)}
    $isValueNotUnique =  IsValueNotUnique $criteria

    if ($isValueNotUnique)
    {
        # If the value is already in use, generate a unique one.
        $number++
        $uniqueValue = [System.String]::Format($valueFormat, $number)
    }
}
while ($isValueNotUnique)

# Update the number in doamin property
$domain.Put($numberProperty, $number)
$domain.SetInfo()

# Update property values.
$Context.SetModifiedPropertyValue("sAMAccountName", $uniqueValue)
$Context.SetModifiedPropertyValue("userPrincipalName", $newUpn)

Comments

Thank you, this works well! Is the attribute stored on the domain level or the object level?

I tested this by creating two users and the script performed as expected, I even deleted those two users and created a third and it incremented as expected as well.

I'm just wondering because after we offboard someone eventually we delete the accounts but we never want to reuse any of the numbers again.

---

Hello,

Every object in Adaxes (including the domain one) has a set of custom attributes available only in Adaxes. The last used number is stored in the custom integer attribute of the domain object. The name of the custom integer attribute is specified in the $numberProperty script variable. This way, the number will be incremented each time a user is created and even if a user is deleted, the corresponding number will not be reused.