You have a policy to populate User Logon Name, Account Name and UPN Suffix.
When you create a user in the ActiveRoles Server Console, the account is created correctly and the appropriate fields (Logon Name, Account Name and UPN Suffix) are populated.
But when users are created from a Quick Connect or Active Roles Synchronization Service provisioning step, neither the Account Name nor the UPN Suffix is populated.
Do not attempt to generate values for the edsaUPNPrefix or edsaUPNSuffix attributes. Those attributes are parts of the UserPrincipalName attribute. Instead, create a policy that populates the UserPrincipalName attribute.
Below is an example of such a policy, with the third rule populating UserPrincipalName:
======================================================================================================================
First Rule - Generates user logon name (pre-Windows 2000) based on directory data such as user properties
1. %1<givenName>%<sn>
2. %1<givenName>%1<middleName>%<sn>
3. %2<givenName>%<sn>
4. %3<givenName>%<sn>
5. %4<givenName>%<sn>
Second Rule - Validates the 'Logon Name (pre-Windows 2000)' property values for 'User' objects
Logon Name (pre-Windows 2000) (samAccountName)
must be;
%1<givenName>%<sn>
%1<givenName>%1<middleName>%<sn>
%2<givenName>%<sn>
%3<givenName>%<sn>
%4<givenName>%<sn>
Third Rule - Validates the 'Logon Name' property values for 'User' objects
Logon Name (userPrincipalName)
must be specified
must be;
%<samAccountName>@Domain.Com
Fourth Rule - Validates the 'UPN Suffix' property values for 'User' objects
UPN Suffix (edsaUPNSuffix)
must be;
@Domain.Com
Fifth Rule - Validates the 'Account Name (UPN Prefix)' property values for 'User' objects
Account Name (UPN Prefix) (edsaUPNPrefix)
must be;
%<samAccountName>
======================================================================================================================
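The rule masks above, expanded by a short script (an added example, not One Identity code). It assumes %N<attr> means the first N characters of the attribute, that the rules are tried in order until a name is free, and that a candidate over the 20-character sAMAccountName limit is rejected rather than truncated; expand, provision and split_upn are names made up for this sketch.

```python
import re

# The five logon-name masks from the first rule of the policy, in order.
RULES = [
    "%1<givenName>%<sn>",
    "%1<givenName>%1<middleName>%<sn>",
    "%2<givenName>%<sn>",
    "%3<givenName>%<sn>",
    "%4<givenName>%<sn>",
]
UPN_RULE = "%<samAccountName>@Domain.Com"  # mask from the third rule
SAM_MAX = 20  # sAMAccountName length limit for user objects
TOKEN = re.compile(r"%(\d*)<([^>]+)>")

def expand(rule, attrs):
    """Expand %N<attr> tokens (assumed: first N characters, whole value if N is omitted)."""
    def sub(m):
        value = attrs.get(m.group(2), "")
        return value[: int(m.group(1))] if m.group(1) else value
    return TOKEN.sub(sub, rule)

def provision(attrs, taken):
    """Return (samAccountName, userPrincipalName) from the first mask that gives a free name."""
    in_use = {name.lower() for name in taken}  # AD compares logon names case-insensitively
    for rule in RULES:
        sam = expand(rule, attrs)
        if not sam or len(sam) > SAM_MAX or sam.lower() in in_use:
            continue
        # Only userPrincipalName is generated, as the article recommends.
        return sam, expand(UPN_RULE, {"samAccountName": sam})
    raise ValueError("no rule produced a unique, valid logon name")

def split_upn(upn):
    """The two halves of userPrincipalName that edsaUPNPrefix and edsaUPNSuffix expose."""
    prefix, _, domain = upn.rpartition("@")
    return prefix, "@" + domain

if __name__ == "__main__":
    # Constructed sample user; "jsmith" is assumed to exist already.
    user = {"givenName": "Jordan", "middleName": "Lee", "sn": "Smith"}
    sam, upn = provision(user, taken={"jsmith"})
    print(sam, upn, split_upn(upn))
```

Because the prefix and suffix are read back out of the generated userPrincipalName, the fourth and fifth validation rules are satisfied without either edsa attribute being written directly.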