Renaming User Accounts, eDirectory to AD


Problem

A Forum reader asked the following question:

"I'm in the process of testing my IDM 3.0 deployment (eDirectory and AD). If I change the last name of a user account in eDirectory, the changes are sync'd over to AD just fine. However, viewing the user account in AD via ldp.exe shows that the CN and Name attribute are still using the old last name. So, since the name attribute doesn't get updated, the user shows up with the old last name when viewing the list of users in the AD OU. If you open the changed user account, you can see the new last name (I can see the helpdesk folks complaining about this ...)

Where would I place a rule to rename the Name attribute? On the command transform? What would the rule look like for this? I have a feeling that changing the CN will be more involved. Any thoughts on how to accomplish this?"

And here's the reply from Peter Norris ...

Solution

I have found that the only place AD will let me change the CN is by performing a RENAME on the NAME attribute on the OUTPUT Transformation policy.

Basically, I map FULLNAME to NAME and run a rule similar to the one below (not the full policy). This also updates the display name.

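<!-- Fragment of the Output Transformation policy; its other rules are not shown -->
<policy>
  <rule>
    <description>Alter name change to rename</description>
    <conditions/>
    <actions>
      <!-- Rename the AD object to the value of the name attribute in the current operation -->
      <do-rename-dest-object when="after">
        <arg-string>
          <token-op-attr name="name"/>
        </arg-string>
      </do-rename-dest-object>
      <!-- Replace displayName with the same value -->
      <do-clear-dest-attr-value name="displayName" when="before"/>
      <do-set-dest-attr-value name="displayName">
        <arg-value type="string">
          <token-op-attr name="name"/>
        </arg-value>
      </do-set-dest-attr-value>
      <!-- Remove name from the current operation -->
      <do-strip-op-attr name="name"/>
    </actions>
  </rule>
</policy>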

Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.
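
The rule in the reply has an empty conditions element. The following is an added example, not part of Peter Norris's reply or of any Novell-shipped policy, that keeps the same actions but restricts the rule to modify events that actually change name. The three conditions, and the class name "user" as the AD class after schema mapping, are assumptions.

```xml
<policy>
  <rule>
    <description>Alter name change to rename (guarded)</description>
    <conditions>
      <and>
        <!-- Act only on modify operations -->
        <if-operation op="equal">modify</if-operation>
        <!-- Assumption: AD class name as seen after schema mapping -->
        <if-class-name op="equal">user</if-class-name>
        <!-- Skip events that do not change name -->
        <if-op-attr name="name" op="changing"/>
      </and>
    </conditions>
    <actions>
      <!-- Queue a rename of the AD object, after the current modify,
           using the new name value carried by this operation -->
      <do-rename-dest-object when="after">
        <arg-string>
          <token-op-attr name="name"/>
        </arg-string>
      </do-rename-dest-object>
      <!-- Replace displayName with the same value -->
      <do-clear-dest-attr-value name="displayName" when="before"/>
      <do-set-dest-attr-value name="displayName">
        <arg-value type="string">
          <token-op-attr name="name"/>
        </arg-value>
      </do-set-dest-attr-value>
      <!-- Remove name from the modify so it reaches AD only as the rename -->
      <do-strip-op-attr name="name"/>
    </actions>
  </rule>
</policy>
```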





© 2013 Novell