Had an interesting challenge recently as a part of a project I have been working on. As a part of the deprovisioning process, the sAMAccountName in Active Directory needs to be renamed.
However in doing a straight ToLDAP pass, the sAMAccountName attribute cannot be modified. It seems in order to do this, we need to use the ~ (replace attribute) modifier.
I don't know how often I'll be asked to rename this attribute (the more I think about it, the more I like it as far as the deprovisioning process goes), but it's certainly a good technique to have in my back pocket should it be necessary to change other attributes that resist a straightforward modification.
No comments:
Post a Comment