• State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 62 subscribers
  • Views 4549 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Policy script for New computer accounts

eric.ayre-hp.com
over 9 years ago

We have been running a policy script to create new users for ever :).

The business wants to create random computer names for pre-created computer objects, easy enough in in PowerShell with a uniqueness check.

However using a onprecreate event handler, we get a system violation stating the property is owned by system when we attempt to set the CN. "encountered an error when creating the object 'cn=L538784,OU=Laptop,OU=Quest Test Objects,DC=corp,DC=test,DC=com'. The attribute cannot be modified because it is owned by the system. (Exception from HRESULT: 0x800720B1)"

Ideally I would like the policy would  pre populate the computer name when the agent selects new computer of selected OU's.

the original user object script had a policy marker, function onGetPolicyMarker=EDS_APE_TYPE_UNIQUE_NAME

Is there an equivalent for PowerShell and computer objects ?

Thanks,

  • 0 over 9 years ago

    >>>(Exception from HRESULT: 0x800720B1)
    Could you please show your policy script?

    >>Ideally I would like the policy would  pre populate the computer name when the agent selects new computer of selected OU's.

    I would implement a policy script with onGetEffectivePolicyInfo() handler that gererates a unique value for computer name and then sets it as the attrbute value via EDS_EPI_UI_GENERATED_VALUE

  • 0 over 6 years ago
    This is an old post be we are currently having a similar issue. However, this solution appears to be specific to creating objects via the UI. We are creating hosts via SOAP/SPML web requests.

    We would like to have ARS generate a valid computer name based on scripted logic. However, we are unable to change the computer object CN via the onPreCreate event handler. Is there an alternative event handler in which we can accomplish the name generation before the object is created?
  • 0 over 6 years ago
    So you're saying that you're OnPreCreate handler is not getting fired by the SOAP/SPML create request?

    This may be a silly question but is the provisioning policy containing your OnPreCreate policy script actually linked to the location that your SPML call is trying to create the object?
  • 0 over 6 years ago
    Follow-up:

    This rather terse KB would suggest that provisioning polices don't work with SPML requests:

    support.oneidentity.com/.../183903

    Suggest you confirm with Support.