Renaming a User

Renaming a User


You want to rename a user.


Using a graphical user interface
  1. Open the ADUC snap-in.

  2. In the left pane, right-click on the domain and select Find.

  3. Type the name of the user and click Find Now.

  4. In the Search Results window, right-click on the user and select Rename.

  5. You can modify the Full Name, Last Name, First Name, Display Name, User Principal Name (logon name), and SAM Account Name (pre-Windows 2000).

  6. Click OK after you are done.

Using a command-line interface

The following command will rename the RDN of the user:

	> dsmove "<UserDN>" -newname "<NewUserName>"

You can modify the UPN (-upn), First Name (-fn), Last Name (-ln), and Display Name (-display) using the dsmod user command. For example, the following command would change the user's UPN and last name:

	> dsmod user "<UserDN>" -upn "<NewUserUPN>" -ln "<NewUserLastName>"

You can also rename an object by using AdMod with the following syntax:

	> admod -b "<UserDN>" -rename "<New UserName>"

Using VBScript
	' This code renames the RDN of a user and the sAMAccountName attribute.
	strParentDN = "<ParentDN>" ' e.g. cn=Users,dc=rallencorp,dc=com
	strUserOldName = "<OldUserName>" ' e.g. jsmith
	strUserNewName = "<NewUserName>" ' e.g. jim
	' ------ END CONFIGURATION --------

	set objCont = GetObject("LDAP://" & strParentDN)
	objCont.MoveHere "LDAP://cn=" & strUserOldName & "," & strParentDN, _
	                 "cn=" & strUserNewName
	set objUser = GetObject("LDAP://cn=" & strUserNewName & "," & strParentDN)
	objUser.Put "sAMAccountName", strUserNewName
	WScript.Echo "Rename successful"


Renaming a user object can have a couple different meanings in Active Directory. In the generic object sense, renaming an object consists of changing the RDN for the object to something else, as when cn=jsmith becomes cn=joe.Typically, though, you need to rename more than that with users. For example, let's say you had a username naming convention of FirstInitialLastName so Joe Smith's username would be jsmith. Let's pretend that Joe decides one day that Smith is way too common and he wants to be unique by changing his last name to Einstein. Now his username should be jeinstein.The following attributes would need to change to complete a rename of his object:

  • His RDN should change from cn=jsmith to cn=jeinstein.

  • His sAMAccountName should change to jeinstein.

  • His userPrincipalName (UPN) should change to [email protected].

  • His mail (email address) attribute should change to [email protected].

  • His sn (last name) attribute should change to Einstein.

While this example may be contrived, it shows that renaming Joe Smith to Joe Einstein can take up to five attribute changes in Active Directory, or more if you include updates to proxy addresses and other attributes that are typically tied to the user's name. It is also important to note that if you change any of the first three in the bulleted list (RDN, UPN, or SAM Account Name), you should have the user log off and log back on after the changes have replicated. Since most applications and services rely on user GUID or SID, which doesn't change during a user rename, the person should not be impacted, but you want to have him or her log off and back on anyway, just in case.

See Also

Recipe 4.23 for renaming objects

 Python   SQL   Java   php   Perl 
 game development   web development   internet   *nix   graphics   hardware 
 telecommunications   C++ 
 Flash   Active Directory   Windows