Sometimes you need to run post-creation activities for Active Directory-related things.

The following are some examples of cases where you would want to run a post-create rule:

1. Create Exchange with special parameters.

2. Create a remote Exchange mailbox.

3. Create a home folder.


The steps are as follows:

1. Create a rule like the one in Appendix A below and write any PowerShell you require.

2. If you need to pass attributes from the provisioning plan to the script without provisioning them to AD, you can generate any calculated attribute in the provisioning policy and schema and it will be passed. However, you need to exclude it from provisioning with the following tag in the Active Directory application (you need to use the debug page):


<entry key="excludeAttributesFromProvisioning">
  <value>
    <List>
      <String>needCreateEmail</String>
    </List>
  </value>
</entry>

3. From the debug page, add the following tag with the rule name:
<entry key="nativeRules">
  <value>
    <List>
      <String>Exchange - AD_ConnectorAfterCreate-Powershell</String>
    </List>
  </value>
</entry>


Appendix A:

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule created="1493213104057" language="beanshell" modified="1552677916033" name="Exchange - AD_ConnectorAfterCreate-Powershell" type="ConnectorAfterCreate">
  <Attributes>
    <Map>
      <entry key="ObjectOrientedScript" value="true"/>
      <entry key="disabled" value="false"/>
      <entry key="extension" value=".ps1"/>
      <entry key="program" value="powershell.exe"/>
      <entry key="timeout" value="800"/>
    </Map>
  </Attributes>
  <Description>
  This example is for IQService After Script. This is a sample PowerShell after script which ensures that the request was processed successfully and sets additional Exchange attributes for the new user.
  </Description>
  <Signature>
    <Inputs>
      <Argument name="log">
        <Description>
          The log object associated with the SailPointContext.
        </Description>
      </Argument>
      <Argument name="context">
        <Description>
          A sailpoint.api.SailPointContext object that can be used to query the database if necessary.
        </Description>
      </Argument>
      <Argument name="plan">
        <Description>
          The ProvisioningPlan object on its way to the Connector.
        </Description>
      </Argument>
      <Argument name="application">
        <Description>
          The application object that references this before/after script.
        </Description>
      </Argument>
    </Inputs>
  </Signature>
  <Source>
  # Script is used to trigger the PS script to create Home Folder based on the passed TS_TerminalServicesHomeDirectory attribute
  # Refer to SailPoint class library. Requires PowerShell v2 installed on the system.
  Add-Type -Path C:\IQService\Utils.dll

  # Read the environment variables
  $sReader = New-Object System.IO.StringReader([System.String]$env:Request);

  # Form the xml reader object
  $xmlReader = [System.xml.XmlTextReader]([Sailpoint.Utils.xml.XmlUtil]::getReader($sReader));

  Write-Debug "Entering native rule";

  # Create SailPoint Request object
  $requestObject = New-Object Sailpoint.Utils.objects.AccountRequest($xmlReader);

  $sAMAccountName = "";

  # Iterate over the attributes of the account coming from IIQ in the AD schema
  foreach ($attribute in $requestObject.AttributeRequests)
  {
      if ($attribute.Name -eq "sAMAccountName")
      {
          $sAMAccountName = $attribute.Value;
      }
  }
  </Source>
</Rule>


NOTE: If $requestObject does not return values, check the path to Utils.dll.


*** The same can be achieved for Modify actions.
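
The rule in Appendix A stops after reading sAMAccountName. The following added example, which is not part of the original rule or of SailPoint's code, shows how the after-create script could use that value together with the excluded needCreateEmail attribute, validating sAMAccountName before it is joined into a home folder path, since the script runs under the IQService account. The function names, the demo root folder and the sample request are assumptions constructed for illustration.

```powershell
# Added example. Function names, the demo root and the sample request are
# assumptions; only the Name/Value loop and attribute names come from the rule.

function Get-RequestAttribute {
    param($AttributeRequests, [string]$Name)
    # Same loop as in the rule: return the first value whose Name matches.
    foreach ($attribute in $AttributeRequests) {
        if ($attribute.Name -eq $Name) { return [string]$attribute.Value }
    }
    return $null
}

function New-HomeFolder {
    param([string]$Root, [string]$SamAccountName)
    # Allow-list the value before it reaches the file system. \z (not $) so a
    # trailing newline is rejected; 20 is the sAMAccountName limit for users.
    if ($SamAccountName -notmatch '^[A-Za-z0-9._-]{1,20}\z') {
        throw "Rejected sAMAccountName: '$SamAccountName'"
    }
    $sep      = [System.IO.Path]::DirectorySeparatorChar
    $rootFull = [System.IO.Path]::GetFullPath($Root).TrimEnd($sep)
    $target   = [System.IO.Path]::GetFullPath((Join-Path $rootFull $SamAccountName))
    # Containment check: also stops "." and "..", which the allow-list permits.
    if (-not $target.StartsWith($rootFull + $sep, [System.StringComparison]::OrdinalIgnoreCase)) {
        throw "Home folder path escapes root: '$target'"
    }
    [System.IO.Directory]::CreateDirectory($target) | Out-Null   # no-op if it exists
    return $target
}

# Constructed stand-in for $requestObject.AttributeRequests (PowerShell v2 syntax).
$sample = @(
    (New-Object PSObject -Property @{ Name = 'sAMAccountName';  Value = 'jdoe' }),
    (New-Object PSObject -Property @{ Name = 'needCreateEmail'; Value = 'true' })
)
$root = Join-Path ([System.IO.Path]::GetTempPath()) 'HomeFolders-demo'

$sam = Get-RequestAttribute $sample 'sAMAccountName'
Write-Output ("Created " + (New-HomeFolder -Root $root -SamAccountName $sam))

# The excluded attribute still arrives in the request; compare it to an explicit value.
if ((Get-RequestAttribute $sample 'needCreateEmail') -eq 'true') {
    Write-Output "needCreateEmail is set for ${sam}: the mailbox step would run here"
}

# A malformed value is refused instead of being joined into the path.
try { New-HomeFolder -Root $root -SamAccountName '..\..\Windows' }
catch { Write-Output ("Blocked: " + $_.Exception.Message) }
```

In the real rule, pass $requestObject.AttributeRequests in place of $sample and replace the demo root with the home folder share.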