[ Team LiB ] |
Recipe 6.6 Renaming a User6.6.1 ProblemYou want to rename a user. 6.6.2 Solution6.6.2.1 Using a graphical user interface
6.6.2.2 Using a command-line interfaceThe following command will rename the RDN of the user: > dsmove "<UserDN>" -newname "<NewUserName>" You can modify the UPN (-upn), First Name (-fn), Last Name (-ln), and Display Name (-display) using the dsmod user command. For example, the following command would change the user's UPN and last name: > dsmod user "<UserDN>" -upn "<NewUserUPN>" -ln "<NewUserLastName>" 6.6.2.3 Using VBScript' This code renames the RDN of a user and the sAMAccountName attribute. ' ------ SCRIPT CONFIGURATION ------ strParentDN = "<ParentDN>" ' e.g. cn=Users,dc=rallencorp,dc=com strUserOldName = "<OldUserName>" ' e.g. jsmith strUserNewName = "<NewUserName>" ' e.g. jim ' ------ END CONFIGURATION --------- set objCont = GetObject("LDAP://" & strParentDN) objCont.MoveHere "LDAP://cn=" & strUserOldName & "," & strParentDN, _ "cn=" & strUserNewName set objUser = GetObject("LDAP://cn=" & strUserNewName & "," & strParentDN) objUser.Put "sAMAccountName", strUserNewName objUser.SetInfo WScript.Echo "Rename successful" 6.6.3 DiscussionRenaming a user object can have a couple different meanings in Active Directory. In the generic object sense, renaming an object consists of changing the RDN for the object to something else, such as if cn=jsmith became cn=joe. Typically, you need to rename more than that with users. For example, let's say you had a username naming convention of FirstInitialLastName so Joe Smith's username would be jsmith. Let's pretend that Joe decides one day that Smith is way too common and he wants to be more unique by changing his last name to Einstein. Now his username should be jeinstein. The following attributes would need to change to complete a rename of his object:
While this example may be contrived, it shows that renaming Joe Smith to Joe Einstein can take up to five attribute changes in Active Directory. It is also important to note that if you change any of the first three in the bulleted list (RDN, UPN, or SAM Account Name), you should have the user log off and log back on after the changes have replicated. Since most applications and services rely on user GUID or SID, which doesn't change during a user rename, the person should not be impacted, but you want to have him log off and back on anyway just in case. 6.6.4 See AlsoRecipe 4.19 for renaming objects |
[ Team LiB ] |