
Active Roles 7.2.1 - Evaluator Guide


Clean up your test environment

The policy you configured and used in this section may interfere with the policies discussed in the sections that follow. To prevent this, block the effect of the User Naming Conventions policy on your test domain before you proceed to the next sections.

To block the effect of the User Naming Conventions policy

  1. In the Active Roles console, right-click your test domain, and click Enforce Policy.
  2. In the Active Roles Policy window, locate the list entry named User Naming Conventions, and select the Blocked check box in that entry.
  3. Click OK to close the Active Roles Policy window.

Use a Logon Name Generation policy


You can use a policy of the Logon Name Generation category to automate the assignment of the pre-Windows 2000 user logon name upon creation or modification of a user account. When configuring a policy of this category, you can define multiple rules or apply an incremental numeric value to ensure uniqueness of the policy-generated name.

This section covers both the scenario that uses a uniqueness number and the scenario that involves multiple rules to generate logon names.

Scenario 1: Using uniqueness number


The policy described in this scenario generates the pre-Windows 2000 user logon name in accordance with this rule: the first character of the user first name, optionally followed by a uniqueness number, followed by the user last name. The length of the policy-generated name is not more than 8 characters. If the name is longer, trailing characters are truncated as needed. Examples of names generated by this policy are as follows:

  • JSmitson
  • J1Smitso
  • J2Smitso

The policy generates the name J1Smitso for the user John Smitson if the name JSmitson is in use. If both JSmitson and J1Smitso are in use, the policy generates the name J2Smitso, and so on.

To implement this scenario, you need to create and apply an Active Roles Policy Object. The following two sub-sections elaborate on the steps to implement this scenario.

Create and apply the Policy Object

You can create and apply the Policy Object using the Active Roles console as follows.

To create and apply the Policy Object

  1. In the console tree, expand Configuration | Policies, right-click Administration, and select New | Provisioning Policy.
  2. On the Welcome page of the New Provisioning Policy Object wizard, click Next.
  3. In the Name box, type the name of the Policy Object: User Logon Name Generation. Click Next.
  4. On the Policy to Configure page, select User Logon Name Generation. Click Next.
  5. On the User Logon Name (pre-Windows 2000) Generation Rules page, click Add.
  6. In the Configure Value dialog box, click Add.
  7. In the Add Entry window, configure the entry to include the first character of the user first name:
    1. Under Entry type, click User Property.
    2. Under Entry properties, click Select.
    3. In the Select Object Property window, click First Name in the Object property list, and then click OK.
    4. Under Entry properties, click The first, and verify that the box next to that option reads 1.
    5. Click OK.
  8. In the Configure Value dialog box, click Add.
  9. In the Add Entry window, configure the entry to optionally include a uniqueness number:
    1. Under Entry type, click Uniqueness Number.
    2. Under Entry properties, click Add if the property value is in use.
    3. Click OK.
  10. In the Configure Value dialog box, click Add.
  11. In the Add Entry window, configure the entry to include the user last name:
    1. Under Entry type, click User Property.
    2. Under Entry properties, click Select.
    3. In the Select Object Property window, click Last Name in the Object property list, and then click OK.
    4. Click OK.

    At this point, the Configured value box should display the following syntax:

    %1<givenName>{@counter(optional)}%<sn>

  12. Click OK to close the Configure Value dialog box.
  13. On the User Logon Name (pre-Windows 2000) Generation Rules page, click the Advanced button.
  14. In the Advanced dialog box, in the Maximum length, in characters box, type 8, and then click OK.
  15. On the User Logon Name (pre-Windows 2000) Generation Rules page, click Next.
  16. On the Enforce Policy page, click Add.
  17. In the Select Objects window, select your test domain, click Add, and then click OK.
  18. Click Next, and then click Finish.
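
The rule configured above, modeled as an added example (this is not Active Roles code and not part of the original guide). It shows how truncation to 8 characters makes different people compete for the same logon name and how the uniqueness number resolves that. It assumes names are compared case-insensitively and that the counter starts at 1, as in the examples in this section; every user except John Smitson is constructed sample data.

```python
# Added example: a model of the Scenario 1 rule as this guide describes it,
# not the product's implementation.

MAX_LEN = 8  # value typed into "Maximum length, in characters"


def candidate(given_name, surname, counter=None, max_len=MAX_LEN):
    """First character of the first name, optional uniqueness number,
    last name; trailing characters beyond max_len are dropped."""
    number = "" if counter is None else str(counter)
    return (given_name[:1] + number + surname)[:max_len]


def generate_logon_name(given_name, surname, in_use, max_len=MAX_LEN, limit=1000):
    """Return the first candidate that is not already in use.

    Assumption: comparison is case-insensitive, as Active Directory treats
    sAMAccountName. `limit` is a hypothetical safety bound for this model.
    """
    taken = {name.lower() for name in in_use}
    name = candidate(given_name, surname, None, max_len)
    if name.lower() not in taken:
        return name
    for counter in range(1, limit + 1):
        name = candidate(given_name, surname, counter, max_len)
        if name.lower() not in taken:
            return name
    raise RuntimeError("no unique logon name within the counter limit")


def provision(users, in_use=()):
    """Assign names to (first, last) pairs in order, tracking names in use."""
    taken = list(in_use)
    assigned = []
    for given_name, surname in users:
        name = generate_logon_name(given_name, surname, taken)
        taken.append(name)
        assigned.append((given_name, surname, name))
    return assigned


if __name__ == "__main__":
    # Constructed sample accounts; only John Smitson appears in the guide.
    sample = [("John", "Smitson"), ("Jane", "Smitson"),
              ("Jack", "Smitsonian"), ("Ann", "Lee")]
    for first, last, logon in provision(sample):
        print(f"{first} {last:<11} -> {logon}")
```

Because the surname is what gets cut, Jack Smitsonian ends up as J2Smitso: after truncation his candidates are identical to those of the two Smitson accounts, so the logon name alone no longer tells you which person an account belongs to.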

You must also take certain steps to override the effect of the default logon name generation policy. You may block the policy effect for the entire domain or for individual containers within the domain.

To block the effect of the default logon name generation policy

  1. In the Active Roles console, right-click your test domain (or a certain container, such as an OU), and click Enforce Policy.
  2. In the Active Roles Policy window, locate the list entry named Built-in Policy - Default Logon Name, and select the Blocked check box in that entry.
  3. Click OK to close the Active Roles Policy window.