GetFirstLetter left 1 none 0 GetFirstThreeLetters left 3 last-character 0 GetFirstFourLetters left 4 last-character 0 Format4DigitNumber D4 The group generates attribute for new objects, and is only executed on object creation. false New object constructors any add The group contains two constructors to build an accountName depending on the presence of the firstName attribute. As this group is set to 'exit after first execution', if USER0001's execution conditions are met, USER0002 is skipped. Only if USER0001 does not execute, will USER0002 execute. false Account name constructors Tries to build an account name when firstname and surname are present false USER0001 all firstName false IsPresent Proposed sn false IsPresent Proposed accountName accountName {firstName>>GetFirstLetter}{sn>>GetFirstThreeLetters}%n>>Format4DigitNumber% Tries to build an account name when only the surname is present false USER0002 any sn false IsPresent Proposed accountName accountName {sn>>GetFirstFourLetters}%n>>Format4DigitNumber% exit-after-first-success Assigns a unix UID to a new user false USER0003 unixUid unixUid execute-all false Mail constructors any firstName add update delete sn add update delete middleName add update delete Attempts to create a mail address using the following preferred order 1. firstname.surname 2. firstname.middlename.surname 3. firstname.middlename.surnameX - where X is a numeric digit false MAIL0001 mail [{firstName}.]{sn}@%mailSuffix% mail [{firstName}.][{middleName}.]{sn}%o%@%mailSuffix% execute-all false Admin account constructors all orgUnit add update delete Sets hasAdminAccount to true if the user is in the IT department (ouNumber 2002). Otherwise, it deletes the value (on a boolean value, this is equivalent to setting it to 'false') false ADM0001 hasAdminAccount conditional any String any Equals {orgUnit->ouNumber} 2002 true execute-all Updates the homeFolderPath attribute whenever the accountName changes false Home folder constructors any accountName add update Creates the homeFolderPath attribute by appending the homeFolderPathRoot constant with the accountName. Note that backslashes need to be escaped in ACMA DL false USER0004 homeFolderPath replace any %homeFolderPathRoot%\\{accountName} execute-all false false eventHomeFolderPathAdded log any homeFolderPath add false /c mkdir {homeFolderPath} cmd.exe false eventHomeFolderPathUpdated log any homeFolderPath update false /c move {#homeFolderPath} {homeFolderPath} cmd.exe false eventUserDeleted log all delete homeFolderPath false IsPresent Proposed false /c rd {homeFolderPath} /q /s cmd.exe person When a user is added, its employee number is checked against deleted items in the database. If a match is found, the existing object is undeleted. Equals employeeNumber {employeeNumber} any false ADMIN0001 any add accountName replace any a-{shadowParent->accountName} false shadowAdminAccount any