You may have noticed that after applying a provisioning policy that enforces the ‘sAMAccountName’ to match the ‘Name (CN)’ attributes, you are no longer able to alter previously existing group objects that do not match the policy requirements.
The policy gets triggered, even though you are not altering either the ‘sAMAccountName’ nor the ‘Name (CN)’ attributes.
Instead of the Active Roles yellow violation prompt you get a Windows/like prompt stating:
Failed to modify the object
Corporate policy violation. The ‘Group name (pre-windows 2000)’ property value does not conform to corporate policy.
The specified value ‘Contoso’ does not conform to policy requirements.
Img.1: Example of the prompt displayed.
This is a product defect (TF00631991).
Rename the affected the group(s) as per policy requirement.
This will be fixed on a future release of the product. Please refer to this article for updates or contact support referencing the defect ID: TF00631991.