Active Directory Cookbook for Windows Server 2003 and Windows 2000-Active Directory Cookbook for Windows Server 2003 and Windows 2000

[ Team LiB ]

Recipe 6.6 Renaming a User

6.6.1 Problem

You want to rename a user.

6.6.2 Solution

6.6.2.1 Using a graphical user interface

Open the Active Directory Users and Computers snap-in.
In the left pane, right-click on the domain and select Find.
Type the name of the user and click Find Now.
In the Search Results, right-click on the user and select Rename.
You can modify the Full Name, Last Name, First Name, Display Name, User Principal Name (logon name), and SAM Account Name (pre-Windows 2000).
Click OK after you are done.

6.6.2.2 Using a command-line interface

The following command will rename the RDN of the user:

> dsmove "<UserDN>" -newname "<NewUserName>"

You can modify the UPN (-upn), First Name (-fn), Last Name (-ln), and Display Name (-display) using the dsmod user command. For example, the following command would change the user's UPN and last name:

> dsmod user "<UserDN>" -upn "<NewUserUPN>" -ln "<NewUserLastName>"

6.6.2.3 Using VBScript

' This code renames the RDN of a user and the sAMAccountName attribute.
' ------ SCRIPT CONFIGURATION ------
strParentDN    = "<ParentDN>"    ' e.g. cn=Users,dc=rallencorp,dc=com
strUserOldName = "<OldUserName>" ' e.g. jsmith
strUserNewName = "<NewUserName>" ' e.g. jim
' ------ END CONFIGURATION ---------

set objCont = GetObject("LDAP://" & strParentDN)
objCont.MoveHere "LDAP://cn=" & strUserOldName & "," & strParentDN, _
                 "cn=" & strUserNewName
set objUser = GetObject("LDAP://cn=" & strUserNewName & "," & strParentDN)
objUser.Put "sAMAccountName", strUserNewName
objUser.SetInfo
WScript.Echo "Rename successful"

6.6.3 Discussion

Renaming a user object can have a couple different meanings in Active Directory. In the generic object sense, renaming an object consists of changing the RDN for the object to something else, such as if cn=jsmith became cn=joe. Typically, you need to rename more than that with users. For example, let's say you had a username naming convention of FirstInitialLastName so Joe Smith's username would be jsmith. Let's pretend that Joe decides one day that Smith is way too common and he wants to be more unique by changing his last name to Einstein. Now his username should be jeinstein. The following attributes would need to change to complete a rename of his object:

His RDN should change from cn=jsmith to cn=jeinstein.
His sAMAccountName should change to jeinstein.
His userPrincipalName (UPN) should change to jeinstein@rallencorp.com.
His mail (email address) attribute should change to jeinstein@rallencorp.com.
His sn (last name) attribute should change to Einstein.

While this example may be contrived, it shows that renaming Joe Smith to Joe Einstein can take up to five attribute changes in Active Directory. It is also important to note that if you change any of the first three in the bulleted list (RDN, UPN, or SAM Account Name), you should have the user log off and log back on after the changes have replicated. Since most applications and services rely on user GUID or SID, which doesn't change during a user rename, the person should not be impacted, but you want to have him log off and back on anyway just in case.

6.6.4 See Also

Recipe 4.19 for renaming objects

[ Team LiB ]