I'm trying to write a create rule that says, "If a user being added has the
same first and last name as an existing user, create the user with a
"pendingXXX" CN." Then, admins can manually determine if the user should
have been matched to a pre-existing record, or if this is indeed just a case
of similar names. (For business reasons too complex to cover, I can't
implement this in a matching rule and we have to leave the manual
reconciliation in place.)

I have a piece of XSLT (see below) that queries the directory to find a
count of existing users who have the same first and last name as a new user
being added.

I'm wondering if there is an easy conversion of this to policy builder...
basically making all of the below into my "Conditions." If you know of one,
could you point me in the right direction?


<xsl:template match="add[@class-name='User']">
<xsl:variable name="firstName" select="./add-attr[@attr-name='Given
<xsl:variable name="lastName"
<!-- query ID tree for any user objects that may match the current
record -->
<xsl:variable name="query-users">
  <query dest-dn="\PHC_IDENT\users" scope="subtree">
    <search-class class-name="User"/>
    <search-attr attr-name="Given Name">
      <value type="string">
        <xsl:value-of select="$firstName"/>
      </value>
    </search-attr>
    <search-attr attr-name="Surname">
      <value type="string">
        <xsl:value-of select="$lastName"/>
      </value>
    </search-attr>
  </query>
</xsl:variable>
<xsl:variable name="query-result"
<xsl:when test="count($query-result//instance) > 0">