13.3 Implementing a Custom Policy

Custom policies allow you to fully exploit the power and flexibility of the default security model. By using custom policies, you can integrate DRA with existing enterprise components while ensuring that your proprietary rules are enforced. You can use the custom policy feature to extend your enterprise policies.

You create and enforce custom policies by associating an executable or script with an administration operation. For example, a policy script associated with the UserCreate operation could check your human resources database to see if the specified employee exists. If the employee exists in the human resources database and does not have an existing account, the script retrieves the employee ID, first name, and last name from the database. The operation completes successfully and populates the user account property window with the proper information. However, if the employee already has an account, the operation fails.
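The UserCreate check described above, reduced to its decision logic, as an added example that is not DRA's own code. The function name, the `E` plus four digits ID format, and the in-memory HR and account data are assumptions constructed for illustration; how DRA passes operation data to a policy script is not shown.

```powershell
# Added example, decision logic only. All names and data below are constructed;
# Test-UserCreatePolicy is hypothetical and is not a DRA cmdlet or DRA interface.
Set-StrictMode -Version Latest

# Constructed stand-in for the human resources database.
$HrRecords = @(
    [pscustomobject]@{ EmployeeId = 'E1001'; FirstName = 'Ana'; LastName = 'Silva' }
    [pscustomobject]@{ EmployeeId = 'E1002'; FirstName = 'Ben'; LastName = 'Okoye' }
)
# Constructed stand-in for "employee IDs that already own a user account".
$IdsWithAccount = @('E1002')

function Test-UserCreatePolicy {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string]$EmployeeId,
        [Parameter(Mandatory)][object[]]$Hr,
        [Parameter(Mandatory)][AllowEmptyCollection()][string[]]$ExistingIds
    )
    # Helper that builds a denial result with the given reason.
    $deny = { param($why) [pscustomobject]@{ Allowed = $false; Reason = $why; Properties = $null } }

    # Validate the operator-supplied value before using it as a lookup key.
    $id = $EmployeeId.Trim().ToUpperInvariant()
    if ($id -notmatch '^E\d{4}$') { return & $deny 'Employee ID is malformed' }

    # Exactly one HR record must match; zero or several both fail closed.
    $found = @($Hr | Where-Object { $_.EmployeeId -eq $id })
    if ($found.Count -ne 1) { return & $deny 'Employee not found in HR data, or match is ambiguous' }

    # The employee must not already have an account.
    if ($ExistingIds -contains $id) { return & $deny 'Employee already has an account' }

    # Allowed: hand back the values that would populate the new account's properties.
    [pscustomobject]@{
        Allowed    = $true
        Reason     = 'Employee verified'
        Properties = $found[0] | Select-Object EmployeeId, FirstName, LastName
    }
}

# Exercise the allow path and each denial path with constructed inputs.
foreach ($candidate in 'E1001', 'E1002', 'E9999', 'E1001;x') {
    $r = Test-UserCreatePolicy -EmployeeId $candidate -Hr $HrRecords -ExistingIds $IdsWithAccount
    '{0,-8} allowed={1,-5} {2}' -f $candidate, $r.Allowed, $r.Reason
}
```

Every path other than a single clean HR match with no existing account returns a denial, so a lookup problem never results in an account being created.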

Scripts give you a tremendous amount of flexibility and power. To create your own policy scripts, you can use the Directory and Resource Administrator ADSI Provider (ADSI provider), Software Development Kit (SDK), and PowerShell cmdlets. For more information about creating your own policy scripts, see the Reference section on the DRA Documentation site.