To configure a User Logon Name Generation policy, select User Logon Name Generation on the Policy to Configure page in the New Provisioning Policy Object wizard or in the Add Provisioning Policy wizard. Then, click Next to display the User Logon Name (pre-Windows 2000) Generation Rules page.
Figure 44: New Provisioning Policy Object wizard
- Priority. The policy applies generation rules in the order of their priority, as they stand in the list: first read, first applied.
- Rule. Syntax that defines the rule.
- Uniqueness Number. Displays Yes or No, indicating whether the rule includes a uniqueness number entry.
You can use these buttons to manage the list of rules:
- Add. Opens the Configure Value dialog box, discussed earlier in this chapter (see How to configure a Property Generation and Validation policy). Use that dialog box to configure a value for the ‘Logon Name (pre-Windows 2000)’ must be condition, in the same way as you do when configuring a Property Generation and Validation policy. For more information, see Configuring a logon name generation rule later in this section.
- Remove. Deletes the rules you select from the list.
- View/Edit. Opens the Configure Value dialog box for the rule you select from the list. Modify the selected rule by managing the list of entries in that dialog box.
- Up and Down. Change the order of rules in the list. Click Up or Down to move a selected rule higher or lower in the list to give the rule a higher or lower priority, respectively.
- Advanced. Set certain options that apply to all rules in the list, such as the maximum length of the generated name, whether to format the name as an uppercase or lowercase string, the scope where you want the generated name to be unique, and the characters to be excluded from the generated names.
By selecting the Allow manual edits of pre-Windows 2000 logon name check box, you authorize the operator who creates or updates the user account to make changes to the policy-generated name. If this check box is cleared, Active Roles displays the User logon name (pre-Windows 2000) field as read-only on the user creation and modification forms.
By selecting the Always option, you authorize the operator to modify the pre-Windows 2000 logon name at their discretion. With the Only if a unique name cannot be generated by this policy option, you limit manual changes to the situation where a unique name cannot be generated in accordance with the policy rules.
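The following Python model is an added example, not Active Roles code. It shows how priority-ordered rules, a uniqueness number entry, the Advanced options and the manual-edit setting interact. The rule template syntax, the `generate` and `render` names, the excluded-character set and the choice to truncate before the uniqueness number are assumptions made for illustration.

```python
import re

# Constructed sample value for the "characters to be excluded" Advanced option.
EXCLUDED = set('"/\\[]:;|=,+*?<>@ ')
MAX_LEN = 20  # Advanced option: maximum length (AD caps user sAMAccountName at 20)

# Rules in priority order: first in the list is applied first.
# "{n}" marks a uniqueness number entry (hypothetical syntax, appended at the end).
RULES = [
    "{first:1}{last}",
    "{first:2}{last}",
    "{first:1}{last}{n}",
]

def render(rule, first, last, n=""):
    """Expand one rule, then apply the Advanced options (exclusions, case, length)."""
    def field(m):
        value = {"first": first, "last": last}[m.group(1)]
        return value[: int(m.group(2))] if m.group(2) else value
    body = re.sub(r"\{(first|last)(?::(\d+))?\}", field, rule.replace("{n}", ""))
    body = "".join(c for c in body if c not in EXCLUDED).lower()
    # Assumption: truncate the text part so the uniqueness number is never cut off.
    return body[: MAX_LEN - len(n)] + n

def generate(first, last, taken, manual_edit="only_if_no_unique", max_n=9):
    """Return (name, operator_may_edit).

    taken: names already used in the uniqueness scope (compared case-insensitively).
    manual_edit: "always", "only_if_no_unique", or None (check box cleared).
    """
    taken = {t.lower() for t in taken}
    name = None
    for rule in RULES:
        numbers = [str(i) for i in range(1, max_n + 1)] if "{n}" in rule else [""]
        name = next((c for c in (render(rule, first, last, n) for n in numbers)
                     if c and c not in taken), None)
        if name:
            break
    editable = manual_edit == "always" or (
        manual_edit == "only_if_no_unique" and name is None)
    return name, editable

if __name__ == "__main__":
    print(generate("John", "Smith", {"JSmith", "josmith"}))
```

A rule without a uniqueness number gets exactly one attempt before the next rule is tried, which is why the order of the list decides what colliding names look like.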