Pull a value out of policy or enforce a policy on one user.

My goal is to look at the policy applied to an object and pull a value the policy would set.

Specifically, I'd like to pull homePath and homeDirectory out of the Home Folder and AutoProvisioning Policy applied to a user object.


This looks close to what I'm trying to do. Not sure what [string]$PolicyRule is supposed to be in this situation. Is it the name of the policy?

#===========================================================================
# ExecutePolicyRule
#===========================================================================
# This function generates a value in accordance with a PVG generation rule
#
# Parameters
# $PolicyRule - string with PVG generation rule
# $Request - the Request object. Please see ARS SDK for details about this
# object
# Return value
# String with generated value
# Remarks
# This function is applicable to onPreCreate, onPostCreate, onPreModify,
# onPostModify, and onCheckPropertyValues event handlers.
# GetActualAttribute is a helper that is not shown in this post.
#
function ExecutePolicyRule ([string]$PolicyRule, $Request)
{
    $value = $PolicyRule
    # Collect every attribute name referenced as %<name> in the rule
    $rex = [regex]'(?:%<(?<name>.+?)>)'
    $neededAttributes = $rex.Matches($PolicyRule) | %{ $_.Groups['name'].Value }
    # Substitute each placeholder literally, so regex metacharacters in the
    # attribute name or '$' in the attribute value are not interpreted
    $neededAttributes | %{ $value = $value.Replace('%<' + $_ + '>', [string](GetActualAttribute $_ $Request)) }
    return $value
} #-- ExecutePolicyRule

I would also be OK with an enforce policy option.

  • This looks like only a part of a custom solution. The ExecutePolicyRule function is not one of the built-in Active Roles triggering event functions and would not work in a Policy script.

    From what you are describing, I think that you need to implement a Policy Script which is triggered by an onGetEffectivePolicy event. This is an expensive call and would need to be narrowly scoped to ensure that complex computations are only performed when applicable. I suggest using the IsAttributeModified method from the Best Practises Library to confirm that your attributes are in the request.
