For provisioning users manually in AD, it is mere email notification to AD provisioning team, they will take care of the rest by updating the activity to complete the workflow. When there is an AFX to be incorporated to do auto-provisioning into AD, as an implementation team, it is our responsibility to get the logic from customer to create the unique sAMAccountName.
In case of auto provisioning, do we have any best practise that can be used across all domains in the customer environment.
For now, we have a plan to go ahead with a java code which will be invoked by CRON job at every night. This job will not only create value for sAMAccountName and also checks for the duplication. If there is a duplication on generated value, we will be appending the value with the increment of 1.
Once the job processing is done, it generates a csv file with the relevant attributes and those values will be loaded into newly created tables in aveksa database. From there, IDC will pull the complete identities.
Is this right approach or do we have any best practise approach for generating sAMAccountName and avoiding the duplicate value?
As you have all the information (first names, middle names, last names, samaccountnames) collected, you can use one of the following approaches.
1. Calculate the samaccountname in the post processor phase
2. Calculate the samaccoountname in the fulfillment workflow and then use the output parameter feature (in the connector) to change the account in the change request (as you don't know the account name when the change request is starting the system will creating a pending account name with a value that is configured in the account template)
There is additional approach, calculate the value, store it in a custom table, collect the value using IDC...
Each approach has it's advantages and disadvantages