Here's our situation and I'm hoping IDM can solve it:
Our company works with many other companies. Because of this, we do a lot
of bulkloads of accounts into our production eDir tree. We do what we can
to make sure there are no duplicate accounts (either FullName or CN), but
sometimes that happens and we clean it up later. (The reasons do not
matter, the fact is, they have to be unique.)
The current process is (as far as I can tell) to get those requesting
access (usually their managers) to fill out a form that has all the
necessary information, then that gets passed on to someone else, and then
to our group who actually does the bulkloading. Sometimes the information
is incomplete and we have to go back to them several times for the correct
and complete information. As you can imagine, this creates delays in a
time-sensitive environment and that is obviously not good.
How can we leverage IDM to assist in this process?
IF ManagerA requests access for Users 1-4,000 (not a typo - we do get
thousands at a time upon occasion) AND the correct information is
presented THEN IDM checks for duplicity of accounts. IF it finds duplicate
accounts THEN it can logically create new CN names (ie, John Smith may be
logged in as JSmith while Joan Smith would be JoSmith and Jochim Smith
would be JocSmith, etc - none exceeding 8 characters) AND create the
proper accounts OR it will be sent to OurTeam for final approval, etc AND
THEN created. ELSE if they do NOT present the proper information, that
particular request (per User) will not be allowed to be submitted until
they have the complete and proper information.
Does that make sense?
Can it be done?