Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

rename users accounts in Active Directory

Posted on 2012-03-18
8
Medium Priority
?
1,300 Views
Last Modified: 2012-04-01
Dear All,

We have a policy which required us to rename most of our user accounts in the active directory; we have to rename the login name.
I would like to ask if this is will have any affection for the user’s permissions, email, internet … etc.
we have windows 2008 R2 SP1 active directory.

Thanks
0
Comment
Question by:ACS2012
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 7

Assisted Solution

by:micropc1
micropc1 earned 800 total points
ID: 37734894
It will effect it from the user's perspective - they'll have to type in a different username. NTFS permissions, Exchange mailboxes, etc won't care because those things are associated with the account's SID; however, its possible there are other 3rd party applications that use the name...
0
 
LVL 6

Assisted Solution

by:dave_it
dave_it earned 400 total points
ID: 37734959
As mentioned above, the users will need to logon with this new name, but changing the logon name shouldn't affect any Active Directory-based permissions, which are SID-based.  3rd party apps that use AD authentication should be ok as well.
0
 
LVL 7

Accepted Solution

by:
micropc1 earned 800 total points
ID: 37735000
Right - 3rd party apps will still be able to authenticate to AD just fine. My concern was any 3rd party apps that might store the AD username - not the SID - internally for some reason - you would need to configure those with the updated information.
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 4

Assisted Solution

by:ltsweb
ltsweb earned 400 total points
ID: 37735070
You can certainly rename an AD account as it is often done when someone's name changes or you want to create uniformity inside of your AD.

Assuming you are using Exchange, make sure that the Email Default Address Template is properly configured to use the email address you want to use.  Some people base their email address on the user/logon name; others Alias, and some custom.

This could be a good opportunity to make sure your default email addresses also match your new policy which I assume will be something like first initial last name.

You should also try using a command line prompt to make things go easier:

wmic useraccount where "name='username' " rename new_username

Many other cool command line options to reset passwords, make them change on next logon, etc.

Regards!
0
 
LVL 29

Expert Comment

by:pwindell
ID: 37739331
I've had it make a mess out of the email system and the Outlook Profile.  This was after someone got married and their named changed.   Nothing would ever get it acting properly until I renamed the account back to the original name.  After that I never change the spelling of an account,...particularly after it has been in use for a while.  I will change the Display Name but never the actual username.
0
 
LVL 7

Expert Comment

by:hirenvmajithiya
ID: 37740844
I think changing username will have no effect as they are just logical representation to us. Actual(real) identity of any object in AD is SID. This is going to be the same even if you rename username.

Hiren
0
 
LVL 29

Assisted Solution

by:pwindell
pwindell earned 400 total points
ID: 37743168
I think changing username will have no effect as they are just logical representation to us. Actual(real) identity of any object in AD is SID. This is going to be the same even if you rename username.

Well,...you can think that....but I lived it.   I fought with it for a whole day before giving up and renaming the account back again.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 37743177
It ain't about SIDs....it is about the Fully Qualified Canonical Directory names in AD.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question