I have a requirement to never reuse a sAMAccountName. I've created an AD/LDS instance and for every new user in AD, a new user is created in AD/LDS. I need to be able to use the logon name generation policy to search both AD and AD/LDS in order to generate a unique name. As of now, the admin clicks the generate button and a logon name is generated that is unique to AD, then when the admin clicks finish, a script runs that checks to see if the logon name is unique in AD/LDS. If not, the admin gets an error and must manually change the logon name. I'd like to be able to just click the generate button and have the policy check both AD and AD/LDS, but that doesn't seem to be an option in the properties of the policy. Any suggestions would be greatly appreciated!