?
Solved

Need assistance in changing my current usernames in AD to lowercase

Posted on 2009-12-17
11
Medium Priority
?
539 Views
Last Modified: 2012-09-10
Hi, it has been awhile since I needed the expert's advice/assistance.  Not sure what that means.  LOL.

Anyways, I am needing to change all usernames (full names) of a particular OU to all lowercase for a database migration.  I thought I read somewhere a long time ago about such a thing or technique to accomplish this.

Currently, I am running...

Server: Windows Server 2003 - Standard
Active Directory : LDAP
OU: contains about 3500+ accounts

The usernames first letter are capitalized and the rest lowercase.  I am required to modify all these usernames to all lowercase.

Any ideas or links would be amazingly appreciated.

Thanks for your time.

Bob
0
Comment
Question by:rsnellman
  • 6
  • 4
11 Comments
 
LVL 65

Expert Comment

by:RobSampson
ID: 26076427
Hi, I just did the same thing, but for the samAccountName of every user in my AD.  Here is the script that did that, as well as writing a log of what changed.

If you need assistance changing it to modify only First Name, Last Name, and Display Names, I can help with that.

You can restrict it to a certain OU, by changing
FROM 'LDAP://" & strDNSDomain & "' WHERE

to
FROM 'LDAP://OU=Users,OU=OfficeA," & strDNSDomain & "' WHERE

Regards,

Rob.
Option Explicit
Dim objCommand, objConnection, objRecordset
Dim objRootDSE, strDNSDomain, strNTName, strNewName, strNewPN, strUserDN, strUserPN, objUser
Dim boolNeedToChange
Dim objFSO, strLogFile, objLogFile

' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

Const ADS_SCOPE_SUBTREE = 2

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 

objCommand.CommandText = _
    "SELECT sAMAccountName,distinguishedName,userPrincipalName FROM 'LDAP://" & strDNSDomain & "' WHERE objectCategory='person' AND objectClass='user'"

' Run the query.
Set objRecordset = objCommand.Execute

strLogFile = "Convert_All_User_Login_IDs_To_LowerCase_Log.txt"
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objLogFile = objFSO.CreateTextFile(strLogFile, True)
objLogFile.WriteLine "Script started: " & Now

' Enumerate the resulting recordset.
While Not objRecordSet.EOF
	' Retrieve values and display.
	strNTName = objRecordset.Fields("sAMAccountName").Value
	strUserDN = objRecordset.Fields("distinguishedName").value
	strUserPN = objRecordset.Fields("userPrincipalName").value
	' Make sAMAccountName all lower case.
	strNewName = LCase(strNTName)
	' Make userPrincipalName all lower case.
	strNewPN = LCase(strUserPN)
	' Check if sAMAccountName should be modified.
	boolNeedToChange = False
	'If strNewName = "rsampson" Then
		'MsgBox strNTName & VbCrLf & strNewName & VbCrLf & strUserPN
		If strNTName <> strNewName Or strUserPN <> strNewPN Then
			boolNeedToChange = True
		End If
		If boolNeedToChange = True Then
			' Bind to the user object.
			Set objUser = GetObject("LDAP://" & strUserDN)
			' Assign new value for sAMAccountName.
			objLogFile.WriteLine VbCrLf & "Setting " & strNTName & " to " & strNewName
			objUser.sAMAccountName = strNewName
			If strUserPN <> "" Then
				' Assign new value for userPrincipalName.
				objLogFile.WriteLine "Setting " & strUserPN & " to " & strNewPN
				objUser.userPrincipalName = strNewPN
			Else
				objLogFile.WriteLine strNewName & " has no userPrincipalName"
			End If
			' Save changes.
			objUser.SetInfo
		End If
	'End If
	' Move to the next record in the recordset.
	objRecordSet.MoveNext
Wend

objLogFile.WriteLine VbCrLf & "Script ended: " & Now
objLogFile.Close

' Clean up.
objRecordset.Close
objConnection.Close

MsgBox "Done"

Open in new window

0
 
LVL 7

Expert Comment

by:krishnasmtpport25
ID: 26079407
Hi,

You can use this below Powershell script to pull change the case of Firstname, Lastname and SAM account name to Lowercase.

It needs Active roles powersshell snap in to execute this script. You can download active roles cmdlet from

$users = Get-content C:\users.txt | Get-Qaduser | Select-Object FirstName,Lastname,SamAccountName,LogonName

foreach ($user in $users)
{
[string]$Fname = $user.FirstName
$FName = $FName.ToLower()

[string]$Lname = $user.Lname
$Lname = $Lname.ToLower()

[string]$SamName = $user.$SamAccountName
$SamName = $SamName.ToLower()

get-Qaduser -identity $LogonName -Firstname $FName -Lastname $Lname -SamAccountName $SamName
}



Regards,
Krishna
0
 

Author Comment

by:rsnellman
ID: 26104841
OK, I will give this a try on a couple of test accounts and let you know the results.

Thanks again.

Bob
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 65

Expert Comment

by:RobSampson
ID: 26108450
Remember that my script does the samAccountName, not the Display Name, First Name, and Last Names that you have requested.  Don't forget to change the script accordingly.

If you need assistance with that, I can do it for you.

Regards,

Rob.
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 26108463
Oh, and for testing, in my code, you'll see i had this:
'If strNewName = "rsampson" Then
.....
'End If

If you want to uncomment those lines, you can specify a specific logon name to only run against.

Regards,

Rob.
0
 

Author Comment

by:rsnellman
ID: 26296730
Hi,...sorry it has been a while since getting back to you all.  You know how the holidays are and then school starting back up and all that...time gets away from you.

Anyways, I am ready to try this.  Now Rob this script is vbscript, correct?  Remember I am far from a scripter and it looks sort of familar...so I would say it is, but want to make sure.  Now the only part of the accounts I am concerned about is the Full Name and maybe the display name.  The rest can stay the same as are now.

So, this script will do that for me?

Thanks again.

Bob
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 26297646
My script is VBScript, yes, but it only lowercases the samAccountName at the moment....I'll change it to do the full name shortly.....

Rob.
0
 

Author Comment

by:rsnellman
ID: 26298658
OK, thanks.  Yes, I need the fulname or aka cn to be lowercased.  The rest, like First Name, Last Name can remain uppercased.

Thanks again.

Bob
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 26298731
From what I can remember, CN is actually a different attribute to Display Name.  You can change DisplayName fine, but to change the CN, you actually to "rename" the account. I'll test it out and let you know.

Rob.
0
 
LVL 65

Accepted Solution

by:
RobSampson earned 2000 total points
ID: 26298901
I was right, to change the CN you do need to rename the account, but that is done in the script now.

This script will rename the account, to change the CN to lowercase, and also change the displayName attribute to lowercase.

It will log to
strLogFile = "Convert_All_User_DisplayNames_and_CNs_To_LowerCase_Log.txt"

for all of the users in
strOU = "OU=TestUsers,OU=TestOU,"

and that OUs sub OUs.

When specifying the OU, type it in reverse order. The example above refers to
domain.com/TestOU/TestUsers
in my domain.

Regards,

Rob.
Option Explicit 
Dim objCommand, objConnection, objRecordset, strUserADsPath, objOU
Dim objRootDSE, strDNSDomain, strOU, strDisplayName, strNewDisplayName, strNewCN, strUserCN, objUser 
Dim boolNeedToChange 
Dim objFSO, strLogFile, objLogFile 
 
' Search entire Active Directory domain. 
Set objRootDSE = GetObject("LDAP://RootDSE")
strOU = "OU=TestUsers,OU=TestOU,"
If strOU <> "" Then
	If Right(strOU, 1) <> "," Then strOU = strOU & ","
End If

strDNSDomain = objRootDSE.Get("defaultNamingContext") 
 
Const ADS_SCOPE_SUBTREE = 2 
 
Set objConnection = CreateObject("ADODB.Connection") 
Set objCommand =   CreateObject("ADODB.Command") 
objConnection.Provider = "ADsDSOObject" 
objConnection.Open "Active Directory Provider" 
Set objCommand.ActiveConnection = objConnection 
 
objCommand.Properties("Page Size") = 1000 
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE  
 
objCommand.CommandText = _ 
    "SELECT displayName,cn,adsPath FROM 'LDAP://" & strOU & strDNSDomain & "' WHERE objectCategory='person' AND objectClass='user'" 
 
' Run the query. 
Set objRecordset = objCommand.Execute 
 
strLogFile = "Convert_All_User_DisplayNames_and_CNs_To_LowerCase_Log.txt" 
Set objFSO = CreateObject("Scripting.FileSystemObject") 
Set objLogFile = objFSO.CreateTextFile(strLogFile, True) 
objLogFile.WriteLine "Script started: " & Now 
 
' Enumerate the resulting recordset. 
While Not objRecordSet.EOF 
        ' Retrieve values and display. 
        strDisplayName = objRecordset.Fields("displayName").Value 
        strUserADSPath = objRecordset.Fields("adsPath").value 
        strUserCN = objRecordset.Fields("cn").value 
        ' Make sAMAccountName all lower case. 
        strNewDisplayName = LCase(strDisplayName) 
        ' Make userPrincipalName all lower case. 
        strNewCN = LCase(strUserCN) 
        ' Check if sAMAccountName should be modified. 
        boolNeedToChange = False
        'MsgBox strDisplayName & VbCrLf & strNewDisplayName & VbCrLf & strUserCN & VbCrLf & strNewCN
        If strDisplayName <> strNewDisplayName Or strUserCN <> strNewCN Then 
                boolNeedToChange = True 
        End If
        If boolNeedToChange = True Then 
                ' Bind to the user object. 
                Set objUser = GetObject(strUserADsPath) 
                ' Assign new value for displayName. 
                objLogFile.WriteLine VbCrLf & "Setting DisplayName from " & strDisplayName & " to " & strNewDisplayName 
                objUser.displayName = strNewDisplayName 
                ' Save changes. 
                objUser.SetInfo 
                ' Assign new value for Canononical Name.
                objLogFile.WriteLine VbCrLf & "Renaming acount (to change CN) from " & strUserCN & " to " & strNewCN 
                Set objOU = GetObject(Replace(strUserADsPath, "CN=" & strUserCN & ",", ""))
                objOU.MoveHere strUserADsPath, "CN=" & strNewCN
        End If 
        ' Move to the next record in the recordset. 
        objRecordSet.MoveNext 
Wend 
 
objLogFile.WriteLine VbCrLf & "Script ended: " & Now 
objLogFile.Close 
 
' Clean up. 
objRecordset.Close 
objConnection.Close 
 
MsgBox "Done"

Open in new window

0
 

Author Closing Comment

by:rsnellman
ID: 31667571
Thanks for everything.

Bob
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
Scripts are great for performing batch jobs against users, however sometimes the GUI is all you need.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question