0 votes

I'm customizing a New User Creation web form that exposes the samAccountName field (User Logon Name Pre-2000) which is auto-generated according to a user property pattern (%lastname:lower%%firstname:lower,1%) but remains uneditable.

In other words, what I'd like is for folks to know what the auto-generated username will be as they type out the First Name/Last Name field but not allow them to make changes to it.

Is this possible?

by (3.7k points)

1 Answer

0 votes
by (215k points)

Hello,

Doing what you exactly want is, unfortunately, impossible, but we suggest the following workaround: you may create a Business Rule that would write the samAccountName property of the newly created user to the Execution Log of the Create User operation. This Execution Log is displayed in the Web Interface when the Create User operation completes, so the user who creates a new user account will be able to see the samAccountName property in the log.

To do this:

  1. Create a new Business Rule.

  2. On the 2nd page of the Business Rule creation wizard, select User and After Creating a User.

  3. On the 3rd page of the wizard, add the Run a program or PowerShell script action and paste the following script:

     $accountMessage = "The logon name of this user account is "
     $accountMessage += $Context.GetModifiedPropertyValue("samAccountName")
     $Context.LogMessage("$accountMessage", "Information")
    
  4. Optionally, you may add the If the operation succeeds condition for the Business Rule. Without this condition, the log message will appear independently of whether the operation succeeds or fails (for reasons why the operation may fail, see below). To add such a condition:

    • Click Always in the set of actions and conditions of the Business Rule.
    • Choose the If operation <result> condition and select If the main operation succeeded.
    • Click OK.

  5. Save the Business Rule.

  6. Hide the User Logon Name field from the user creation form (see step 5 of the Customize Forms for User Creation and Editing Tutorial).

Note, however, that this workaround has a significant drawback. Not allowing users to edit the samAccountName property directly may result in the Create User operation to fail as 2 different users may have the same surname and first initial (that is, they will have the same logon name generated by the User Property Pattern). To workaround this issue, we also suggest you to use the script that automatically adds a digit to the username if it is not unique (see the Validate/Modify User Input Using a Script Tutorial, the actual script is in Example 2 of step 5).

0

Thank you for the detailed response!

We do in fact use a script that ensures the uniqueness of the username and if a duplicate is found then another username is auto-generated (using a script we obtained from you :)

I believe the solution you provided might work for us. Is there any way to display this message as HTML so it could be in bold, or larger font?

0

Is there any way to display this message as HTML so it could be in bold, or larger font?

No, unfortunately, this is impossible.

Related questions

0 votes
1 answer

Is it possible to script having users added (or removed) from a Security Group based on another AD Attribute? I have found ways to do this in Powershell (something like): ... just utilize the PS script and just run it through Adaxes on a timed fashion? Thanks!

asked Oct 7, 2014 by PunkinDonuts (2k points)
0 votes
1 answer

I was just wondering what property the %username% alias is for and is there a list somewhere of the alias' included and what they are aliases to Thanks!

asked Apr 12, 2013 by bemho (3.8k points)
0 votes
1 answer

If we switch to SSL is the portal considered secure enough to be exposed to the internet on 443?

asked Jan 12, 2015 by auser42 (1.8k points)
0 votes
1 answer

By default The Sign in Page for adaxes is Ex. adaxes.contoso.com/adaxes. After that I already set up the rules to redirect the user to the page that match their permissions ... can I make the Login Page : adaxes.contoso.com (stripping out the /adaxes) Thanks

asked Oct 23, 2019 by davidotz8 (710 points)
0 votes
1 answer

In past I am able to enable Auto Logon (Windows Integrated Auth) in our Internal Adaxes Server (full server) and in same time Form based auth for DMZ Based web server ... login when internal network but when outside, they should get the auth form for login.

asked Feb 20, 2019 by Brajesh (2.5k points)
2,246 questions
2,007 answers
5,494 comments
19,953 users