To configure a generation rule, click the Add button beneath the Generation rules list. This displays the Configure Value dialog box, prompting you to set up a value for the ‘Logon Name’ must be condition.
To start configuring a value, click Add in the Configure Value dialog box. This displays the Add Entry window.
A value is a concatenation of one or more entries. In the Add Entry window, you can select the type of the entry to add, and then configure the entry. The following table summarizes the available types of entries.
Type of Entry |
Description |
Text |
Adds a text string to the value. |
Uniqueness Number |
Adds a numeric value the policy will increment in the event of a naming conflict. |
User Property |
Adds a selected property (or a part of a property) of the user account to which the policy will assign the logon name. |
Parent OU Property |
Adds a selected property (or a part of a property) of an organizational unit in the hierarchy of containers above the user account to which the policy will assign the logon name. |
Parent Domain Property |
Adds a selected property (or a part of a property) of the domain of the user account to which the policy will assign the logon name. |
Instructions on how to configure an entry depend on the type of the entry. You can use the instructions outlined in the How to configure a Property Generation and Validation policy section earlier in this chapter to configure an entry of any of these types:
The following subsection elaborates on the Uniqueness Number entry.
When you select Uniqueness Number under Entry type in the Add Entry window, the Entry properties area looks similar to the following figure.
Figure 45: Entry Type: Uniqueness Number
Using this entry type, you can add an entry that represents a number the policy will increment in the event of a naming conflict.
First, you need to choose when you want the policy to employ this entry. You have the following options:
Next, you can specify how you want the entry to be formatted:
When you are done configuring an entry, click OK to close the Add Entry window. The entry is added to the Configure Value dialog box.
To configure a User Logon Name Generation policy
To complete the Configure Value dialog box
To complete the Advanced dialog box
The policy always removes the following characters: " @ * + | = \ : ; ? [ ] , < > / To specify additional characters, type them one by one, without any separator character, in the provided text box.
The policy described in this scenario generates the pre-Windows 2000 user logon name in accordance with this rule: the first character of the user first name, optionally followed by a uniqueness number, followed by the user last name. The length of the policy-generated name is at most 8 characters. If the name is longer, trailing characters are truncated as needed. Examples of names generated by this policy are as follows:
The policy generates the name J1Smitso for the user John Smitson if the name JSmitson is in use. If both JSmitson and J1Smitso are in use, the policy generates the name J2Smitso, and so on.
To implement this scenario, you must perform the following actions:
As a result, when assigning a pre-Windows 2000 user logon name to a user account in the container you selected in Step 2, the Active Roles user interfaces provide a Generate button to create a name in accordance with the policy rule. In the event of a naming conflict, clicking the Generate button causes the policy to add a uniqueness number to the name.
The following two sections elaborate on the steps to implement this scenario.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy