0 votes

Hello,

Is it possible with a script to generate a username with a sequential number affixed? Such as first initial, last initial and a sequential 5 digit number starting at 1001?

I saw the script for using a business rule and sequential number script but I am unsure how Adaxes stores the last number used.

Thanks!

by (290 points)
0

Hello,

Please, clarify whether we understand correctly that the value of the userPrincipalName property should have the prefix (the part before the @ character) that includes the sequential number. If you have additional requirements, please, describe them in all the possible details.

I saw the script for using a business rule and sequential number script but I am unsure how Adaxes stores the last number used.

As far as we understand, you mean the script from this repository article: https://www.adaxes.com/script-repository/generate-sequential-property-values-s494.htm. This script stores the last used number in the custom integer attribute of the domain object whose distinguished name is specified in the $domainDN variable.

0

Yes, that was the script I found. The goal would be to have a sequential # in the userID itself for SAMAccountName/UPN (Matching)

So the username would be XX10000@domain.com, the next user would be YY10001@domain.com etc. I would need to keep track of the last number incremented for the next new user to use. The letters will always be first and last initial followed by this sequential number but I am unsure how to store the last number used.

1 Answer

0 votes
by (14.5k points)

Hello,

Thank you for specifying. We adjusted the script from the repository article to meet your needs, please, find it below. It must be executed in a business rule triggering Before creating a user. The script generates values that start with the first letters of the first and last names of the created user and a sequential number. The script then updates the userPrincipalName and the sAMAccountName properties with the generated value. The last used number is then saved to the custom integer attribute of the domain whose distinguished name is specified in the $domainDN script variable.

$numberProperty = "adm-CustomAttributeInt1" # TODO: modify me
$domainDN = "DC=domain,DC=com" # TODO: modify me
$valueFormat = "%firstname,1%%lastname,1%{0:00000}" # TODO: modify me
$initialNumber = 10000 # TODO: modify me
$maxNumber = 19999 # TODO: modify me

# Returns $True if any user in the directory already matches the criteria.
function IsValueNotUnique($criteria)
{
    # Search from the target container, but across the whole directory (VirtualRoot).
    $searcher = $Context.TargetObject
    $searcher.Criteria = $criteria
    $searcher.SizeLimit = 1
    $searcher.VirtualRoot = $True

    try
    {
        $searchResultIterator = $searcher.ExecuteSearch()
        $searchResults = $searchResultIterator.FetchAll()

        return $searchResults.Length -eq 1
    }
    finally
    {
        # Release resources
        if ($searchResultIterator){ $searchResultIterator.Dispose() }
    }
}

# Get the number stored in domain property.
$domain = $Context.BindToObjectByDN($domainDN)

try
{
    $number = [int]($domain.Get($numberProperty))
    $number++
}
catch
{
    # Use the initial number
    $number = $initialNumber
}

# Build value
$uniqueValue = [System.String]::Format($valueFormat, $number)

do
{
    if ($number -gt [int]$maxNumber)
    {
        $Context.Cancel("Cannot generate a new value for sAMAccountName/userPrincipalName because the maximum allowed object number has been reached. Contact your system administrator.")
        return
    }

    # Keep the UPN suffix entered in the form (from the @ character on) and replace the prefix.
    $upn = $Context.GetModifiedPropertyValue("userPrincipalName")
    $newUpn = $uniqueValue + $upn.SubString($upn.IndexOf("@"))

    $criteria = New-AdmCriteria -Type "User" -Expression {(userPrincipalName -eq $newUpn) -or (sAMAccountName -eq $uniqueValue)}
    $isValueNotUnique =  IsValueNotUnique $criteria

    if ($isValueNotUnique)
    {
        # If the value is already in use, generate a unique one.
        $number++
        $uniqueValue = [System.String]::Format($valueFormat, $number)
    }
}
while ($isValueNotUnique)

# Update the number in domain property
$domain.Put($numberProperty, $number)
$domain.SetInfo()

# Update property values.
$Context.SetModifiedPropertyValue("sAMAccountName", $uniqueValue)
$Context.SetModifiedPropertyValue("userPrincipalName", $newUpn)
0

Thank you, this works well! Is the attribute stored on the domain level or the object level?

I tested this by creating two users and the script performed as expected, I even deleted those two users and created a third and it incremented as expected as well.

I'm just wondering because, after we offboard someone, eventually we delete the accounts, but we never want to reuse any of the numbers again.

0

Hello,

Every object in Adaxes (including the domain one) has a set of custom attributes available only in Adaxes. The last used number is stored in the custom integer attribute of the domain object. The name of the custom integer attribute is specified in the $numberProperty script variable. This way, the number will be incremented each time a user is created and even if a user is deleted, the corresponding number will not be reused.
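The following is an added offline simulation of the allocation logic in the answer above, not the Adaxes script itself: a hashtable stands in for the domain's custom integer attribute and a HashSet for the existing sAMAccountName values, and the initials are passed in directly instead of being resolved from Adaxes value references. It walks through a pre-existing colliding account, a deletion, and the maximum-number cap so the "numbers are never reused" behaviour discussed in the comments can be observed.

```powershell
# Constructed simulation; $Store mimics the domain custom attribute, $Directory the directory.
$valueFormat   = "{0}{1}{2:00000}"   # initials followed by a zero-padded 5-digit number
$initialNumber = 10000
$maxNumber     = 10003               # deliberately small to show the cap being hit
$Store         = @{ LastNumber = $null }
$Directory     = [System.Collections.Generic.HashSet[string]]::new()

function New-SequentialUsername([string]$First, [string]$Last)
{
    # Read the stored counter; fall back to the initial number if it was never set.
    $number = if ($null -eq $Store.LastNumber) { $initialNumber } else { $Store.LastNumber + 1 }
    do
    {
        if ($number -gt $maxNumber) { throw "Maximum allowed object number reached." }
        $candidate = [string]::Format($valueFormat, $First.Substring(0, 1), $Last.Substring(0, 1), $number)
        $inUse = $Directory.Contains($candidate)
        if ($inUse) { $number++ }    # skip numbers that collide with an existing account
    }
    while ($inUse)
    $Store.LastNumber = $number      # persist the last number actually used, as the rule does
    $null = $Directory.Add($candidate)
    return $candidate
}

# Walk-through with constructed data
$null = $Directory.Add("JD10001")              # account that already exists, not created by the rule
$a = New-SequentialUsername "John" "Doe"       # JD10000
$b = New-SequentialUsername "Jane" "Doe"       # JD10002, because JD10001 is taken
$null = $Directory.Remove($b)                  # simulate offboarding: the account is deleted
$c = New-SequentialUsername "Sam"  "Lee"       # SL10003; 10002 is not handed out again
"$a $b $c  last stored number: $($Store.LastNumber)"
try { New-SequentialUsername "Ann" "Ng" } catch { "Fourth user: $($_.Exception.Message)" }
```

Because the counter lives outside the user objects, deleting an account leaves the stored number untouched, which is why the fourth call hits the cap instead of reusing 10002.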
