Feb. 1, 2011, 3:01 p.m.
posted by trystan
Renaming a User
You want to rename a user.
Using a graphical user interface
Using a command-line interface
The following command will rename the RDN of the user:
> dsmove "<UserDN>" -newname "<NewUserName>"
You can modify the UPN (-upn), First Name (-fn), Last Name (-ln), and Display Name (-display) using the dsmod user command. For example, the following command would change the user's UPN and last name:
> dsmod user "<UserDN>" -upn "<NewUserUPN>" -ln "<NewUserLastName>"
You can also rename an object by using AdMod with the following syntax:
> admod -b "<UserDN>" -rename "<NewUserName>"
' This code renames the RDN of a user and the sAMAccountName attribute.
' ------ SCRIPT CONFIGURATION ------
strParentDN    = "<ParentDN>"     ' e.g. cn=Users,dc=rallencorp,dc=com
strUserOldName = "<OldUserName>"  ' e.g. jsmith
strUserNewName = "<NewUserName>"  ' e.g. jim
' ------ END CONFIGURATION --------

' Bind to the parent container and rename the user object's RDN in place.
set objCont = GetObject("LDAP://" & strParentDN)
objCont.MoveHere "LDAP://cn=" & strUserOldName & "," & strParentDN, _
                 "cn=" & strUserNewName

' Re-bind under the new name and update the logon name to match.
set objUser = GetObject("LDAP://cn=" & strUserNewName & "," & strParentDN)
objUser.Put "sAMAccountName", strUserNewName
objUser.SetInfo
WScript.Echo "Rename successful"
Renaming a user object can have a couple different meanings in Active Directory. In the generic object sense, renaming an object consists of changing the RDN for the object to something else, as when cn=jsmith becomes cn=joe. Typically, though, you need to rename more than that with users. For example, let's say you had a username naming convention of FirstInitialLastName so Joe Smith's username would be jsmith. Let's pretend that Joe decides one day that Smith is way too common and he wants to be unique by changing his last name to Einstein. Now his username should be jeinstein. The following attributes would need to change to complete a rename of his object:
While this example may be contrived, it shows that renaming Joe Smith to Joe Einstein can take up to five attribute changes in Active Directory, or more if you include updates to proxy addresses and other attributes that are typically tied to the user's name. It is also important to note that if you change any of the first three in the bulleted list (RDN, UPN, or SAM Account Name), you should have the user log off and log back on after the changes have replicated. Since most applications and services rely on user GUID or SID, which doesn't change during a user rename, the person should not be impacted, but you want to have him or her log off and back on anyway, just in case.
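The full rename discussed above, as an added PowerShell example that is not part of the original recipe. It assumes the ActiveDirectory module (RSAT) is available; the account names and the rallencorp.com UPN suffix are constructed sample values. It updates the name-bearing attributes this recipe mentions (RDN, UPN, sAMAccountName, last name, display name), refuses to run if the new logon names are already taken, and confirms afterwards that the GUID and SID did not change.

```powershell
# Added example, not from the original recipe. All values are constructed.
Import-Module ActiveDirectory

$oldSam     = 'jsmith'
$newSam     = 'jeinstein'
$newCn      = 'jeinstein'                  # new RDN value (cn=...)
$newSurname = 'Einstein'
$newDisplay = 'Joe Einstein'
$newUpn     = 'jeinstein@rallencorp.com'   # assumed UPN suffix

# Capture the identifiers that must survive the rename (GUID and SID).
$before = Get-ADUser -Identity $oldSam

# Stop if another account already owns either of the new logon names.
$clash = Get-ADUser -Filter "SamAccountName -eq '$newSam' -or UserPrincipalName -eq '$newUpn'"
if ($clash) {
    throw "New name already in use by: $($clash.DistinguishedName -join '; ')"
}

# Attribute changes: UPN, sAMAccountName, last name, display name.
# The object is addressed by GUID so the steps do not depend on the old names.
Set-ADUser -Identity $before.ObjectGUID `
    -UserPrincipalName $newUpn `
    -SamAccountName    $newSam `
    -Surname           $newSurname `
    -DisplayName       $newDisplay

# RDN change, the counterpart of the dsmove -newname step.
Rename-ADObject -Identity $before.ObjectGUID -NewName $newCn

# Re-read by GUID and check that the security identifier is unchanged.
$after = Get-ADUser -Identity $before.ObjectGUID -Properties DisplayName
if ($after.SID.Value -ne $before.SID.Value) {
    throw "SID changed: $($before.SID.Value) -> $($after.SID.Value)"
}

# Show the result; the user should log off and back on once this has replicated.
$after | Select-Object DistinguishedName, SamAccountName, UserPrincipalName,
                       Surname, DisplayName, SID, ObjectGUID
```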
Recipe 4.23 for renaming objects