Skip to main content

Articles in this section

See more
Print

Uniqueness names generation in Attribute Policy

  • Updated

Uniqueness names generation in Attribute Policy

Summary: User naming attributes such as UserPrincipalName, Full name (cn), samAccountName must be unique among all security principal objects within a directory forest. Cayosoft Administrator provides automatic names generation when creating a new user in Web Interface based on its first and last names (and any other attributes if you need so).

These name generation settings can be defined on the Active Directory extension, New User/Clone User web actions and Attribute Policy.

.Applies to: Cayosoft Administrator 5.2.0 or later.

Generation rules in the Web Portal

Cayosoft Administrator simplifies user creation by automatically generating naming attributes based on predefined rules. When an administrator enters a First Name and Last Name in the New User form, other attributes are filled automatically according to generation rules configured in the Cayosoft Administrator Console.

Default name generation rules

By default, generation rules apply to the following attributes:

  • Display Name

  • Full Name (cn)

  • UserPrincipalName prefix

  • SamAccountName

  • Mail

These rules are defined in the Active Directory extension settings and can be customized to align with organizational policies. They are used when creating users via the New User or Clone User actions.

Customizing name generation

Name generation rules can also be modified at the web action level for advanced scenarios. By default, New User and Clone User actions inherit generation settings from the AD Extension.

To configure different generation rules for these actions:

  1. Change the Use default generation rule setting by selecting a predefined rule from the drop-down menu.

  2. Create custom rules using the Expression Builder by clicking [...] next to the desired attribute.

  3. Disable auto-generation by selecting No Generation.

If there is a need to use different generation rules in different locations, account types or other scopes, an Attribute Policy can be used.

So, on New User and Clone User actions for any specific attribute generation rules are applied in the following order:

  • Attribute Policy

  • Web Action

  • AD extension.

For example, this is how our program will look for the generation rule for Display Name: first, it will check if there is an appropriate Attribute Policy for current scope and trustee (user logged in to Web Interface), if there is no such policy it will look into the New User action settings, and if the action settings say to use defaults, it will look into the Active Directory extension settings.

In addition, some naming attributes (UserPrincipalName, Full name (cn), samAccountName) must be unique within Active Directory forest, and Cayosoft Administrator can also simplify names validating and will automatically create a unique name in the environment (please see Name conflict resolution and alternative names generation section below in this article).

 

© Copyright 2013-2026 Cayosoft Inc. All rights reserved.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request
Return to top

Related articles

Comments

0 comments

Please sign in to leave a comment.