-
タイトル
How to change the UPN suffix for ADS Accounts -
説明
When an Active Directory user is synchronized into Identity Manager, by default their UserPrincipalName is calculated in the following way:
SAMAccountName@domain
Is it possible to customize the format of the UPN so that a different suffix can be used instead of the default domain name? -
対策
A specific value can be hard-coded for the UserPrincipalName by modifying the 'OnSaving' script of the ADSAccount table.
For example, if users are being synchronized in from a domain called "domain.com", the UPN will look like this:
johnsmith@domain.com
However, you may want the UPN to reflect a different domain, such as "yourdomainhere.com". To make this modification, follow these steps:
1. In Designer select "One Identity Manager schema" from the Navigation panel.
2. Select "Tables".
3. Select the ADSAccount table.
4. In the Tasks panel select "Show table definition".
5. This will open a Table Properties window. In this window, select the "Table scripts" tab.
6. Modify the OnSaving script by adding the following line:
Base.PutValue("UserPrincipalName", $SAMAccountName$ + "@yourdomainhere.com")
7. Commit the changes and compile the database.
Before making any changes to default Identity Manager scripts, always take a full database backup.
If a more complicated solution is required, such as UPN suffixes that are dynamically created rather than hard coded, please reach out to Professional Services.