Doing exactly what you want is, unfortunately, impossible, but we suggest the following workaround: you may create a Business Rule that would write the samAccountName property of the newly created user to the Execution Log of the Create User operation. This Execution Log is displayed in the Web Interface when the Create User operation completes, so the user who creates a new user account will be able to see the samAccountName property in the log.
To do this:
Create a new Business Rule.
On the 2nd page of the Business Rule creation wizard, select User and After Creating a User.
On the 3rd page of the wizard, add the Run a program or PowerShell script action and paste the following script:
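```powershell
$accountMessage = "The logon name of this user account is "
$accountMessage += $Context.GetModifiedPropertyValue("samAccountName")
# Write the message to the Execution Log of the Create User operation
$Context.LogMessage($accountMessage, "Information")
```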
Optionally, you may add the If the operation succeeds condition for the Business Rule. Without this condition, the log message will appear independently of whether the operation succeeds or fails (for reasons why the operation may fail, see below). To add such a condition:
- Click Always in the set of actions and conditions of the Business Rule.
- Choose the If operation <result> condition and select If the main operation succeeded.
- Click OK.
Save the Business Rule.
Hide the User Logon Name field from the user creation form (see step 5 of the Customize Forms for User Creation and Editing Tutorial).
Note, however, that this workaround has a significant drawback. Not allowing users to edit the samAccountName property directly may cause the Create User operation to fail, as 2 different users may have the same surname and first initial (that is, they will have the same logon name generated by the User Property Pattern). To work around this issue, we also suggest that you use the script that automatically adds a digit to the username if it is not unique (see the Validate/Modify User Input Using a Script Tutorial; the actual script is in Example 2 of step 5).
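
The uniqueness logic mentioned above, as an added sketch that is not the script from the Adaxes tutorial and not part of the original answer: it appends a counter to a colliding logon name while keeping the result within the 20-character sAMAccountName limit for user objects. The function name `Get-UniqueLogonName`, its parameters and the `$existing` set are hypothetical; the set is constructed sample data standing in for a real directory lookup.

```powershell
# Added example. Get-UniqueLogonName and its parameters are hypothetical names.
function Get-UniqueLogonName {
    param(
        [Parameter(Mandatory)][string]$BaseName,
        [Parameter(Mandatory)][scriptblock]$IsTaken,  # returns $true if the name already exists
        [int]$MaxLength = 20,                         # sAMAccountName limit for user objects
        [int]$MaxAttempts = 999
    )

    # Try the generated name first, truncated to the length limit.
    $candidate = $BaseName
    if ($candidate.Length -gt $MaxLength) {
        $candidate = $candidate.Substring(0, $MaxLength)
    }
    if (-not (& $IsTaken $candidate)) { return $candidate }

    for ($i = 1; $i -le $MaxAttempts; $i++) {
        $suffix = [string]$i
        # Trim the base so that base + counter still fits the length limit.
        $keep = [Math]::Min($BaseName.Length, $MaxLength - $suffix.Length)
        $candidate = $BaseName.Substring(0, $keep) + $suffix
        if (-not (& $IsTaken $candidate)) { return $candidate }
    }

    # Fail loudly instead of returning a duplicate name.
    throw "No unique logon name found for '$BaseName' after $MaxAttempts attempts."
}

# Constructed sample data: logon names that already exist (compared case-insensitively,
# as the directory does). A real rule would query the directory here instead.
$existing = [System.Collections.Generic.HashSet[string]]::new(
    [string[]]@('jsmith', 'jsmith1', 'awolfeschlegelsteinh'),
    [System.StringComparer]::OrdinalIgnoreCase)
$isTaken = { param($name) $existing.Contains($name) }

# One free name, one collision, and one collision on an over-long name.
foreach ($name in 'mjones', 'JSmith', 'awolfeschlegelsteinhausen') {
    $unique = Get-UniqueLogonName -BaseName $name -IsTaken $isTaken
    Write-Output ("{0} -> {1}" -f $name, $unique)
}
```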