Hardik Modi

Dynamic DN account creation in Active Directory

Discussion created by Hardik Modi on Sep 28, 2018
Latest reply on Sep 30, 2018 by Boris Lekumovich

Hello,

We have a use case of creating an AD account as part of the Joiner workflow.

Once a new user is detected in the HR file, RSA should be able to create an AD account for that user and assign Roles based on the user's department number, which will grant additional group access to the user.

For that, we have created roles and assigned a membership rule. Within the Active Directory application, we have check-marked "Entitlement requires an account" and created an account template, where the pending parameter is "CN = lastname firstname, OU = Accounts," etc...

We are also generating sAMAccountName dynamically.

We also have a requirement that if the user is an employee, the user's AD account should get created in the Accounts OU, whereas if the user is a contractor, the account should get created in the Temp OU.

While testing out the joiner use case, the request does get generated; if the user is a contractor, the DN mapping does not match, and the request does not get completed.

Has anyone encountered this use case, and how did they handle it?

We want to have the account name (DN) generated in the request dynamically.