Should be a standart user provisioning scenario, it works in my LAB but perhaps better conflicts handling ways exist and I "over-engineer" it? When building workflow to create new AD users I'm basically handling two conflicts: Name and SamAccountname.
1. Name: I'm handling it under "Rules to generate unique object name" screen with 2 rules 1) Name 2) Script to add PREFIX
$output = $null
$output = "DUP_ARSS_" + $srcObj["name"]
$output
2. SamAccountName: I'm doing it as Sync attribute rule where I query Target AD and add prefix if conflict on SamAccountName is found
$sam = $null
$output = $null
$objSearcher = $null
$ObjT = $null
$SDC = "DC1.Domain.com"
$sam = $srcObj["samAccountName"]
$objSearchRootSDC = [adsi]"LDAP://$SDC"
if ($($objSearchRootSDC.properties.distinguishedname) -eq $null)
{
$output = $sam
} else
{
#SAM Conflict check
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.PageSize = 100
$objSearcher.Filter = "(samAccountName=$sam)"
$objSearcher.SearchRoot = $objSearchRootSDC
#"distinguishedname" | %{[void]$objSearcher.PropertiesToLoad.Add($_)}
$ObjT = $objSearcher.FindOne()
if ($ObjT)
{
$output = "DUP_ARSS_" + $sam
} else
{
$output = $sam
}
}
$output