antmax00 asked:

PowerShell Script to change the SamAccountName and UPN for AD users

I'm looking for a PowerShell script to change the samAccountName and UPN for all AD users.

I would like the samAccountName to be changed to use the first character of the givenName and the full surName.
 e.g.: Bob Marley <to> bmarley

The UPN needs to also be changed to the first character of the givenName and the full surName using my existing UPN suffix
 e.g.: bmarley@mydomain.com

X Layer:

Hi.

Test this script first. After you are satisfied with the result, simply remove "-WhatIf" at the end of the "Set-ADUser" line and the script will change this for all users in the domain.
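Import-Module ActiveDirectory
# The default Get-ADUser output already includes GivenName and Surname
$ADUsers = Get-ADUser -Filter *
foreach ($ADUser in $ADUsers) {
    $GivenName = $ADUser.GivenName
    $SurName = $ADUser.Surname

    # First character of the given name plus the full surname, lower-cased
    $newSAM = $GivenName.Substring(0,1).ToLower() + $SurName.ToLower()
    $newUPN = $newSAM + "@mydomain.com"

    # -WhatIf only reports what would change; remove it to apply the change
    Set-ADUser $ADUser -SamAccountName $newSAM -UserPrincipalName $newUPN -WhatIf
}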

antmax00 (ASKER):

Thanks for the quick response. I'm in the midst of testing it out.

Is it possible to have the script skip an AD user object if either the surName or GivenName is blank/null? Also indicate which AD users were successfully modified?

ASKER CERTIFIED SOLUTION
X Layer

This solution is only available to members.

SOLUTION

This solution is only available to members.

"Is it possible to have the script skip an AD user object if either the surName or GivenName is blank/null?"

Yes but you have used the -ne NOT EQUAL to null.

So in your original code.....

if we use Givenname = John and Surname = $null.

(($GivenName -ne $null) -or ($SurName -ne $null))

(("john" -ne $null) -or ($null -ne $null))

(($true ) -or ($false))

($true)

Will evaluate to TRUE and therefore the code WILL be executed.

Mine will evaluate as FALSE and the code will be skipped.
So please read both the question AND your answer and evaluate the logic before using big bold quotes to contradict somebody please.

True.

My fault. Sorry if I've upset you.

No problem, not upset at all, just don't like to see posts that will mislead the questioner.

Have a good rest of the day :D

Thank you both, much appreciated.

The script works with the adjustment (-and)!

Can this script also be adjusted to target a specific OU?

Sure can be. Change:
$ADUsers = Get-ADUser -Filter *

to:
$ADUsers = Get-ADUser -Filter * -SearchBase "OU=Users,DC=my,DC=domain"

Can the "($SurName -ne $null)" in the if statement be adjusted to skip AD user objects that have less than 6 characters in the surname?

Sure:
if (($GivenName -ne $null) -and ($SurName -ne $null) -and ($SurName.Length -ge 6))
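
A dry-run planning pass for the rename discussed in this thread, as an added example that is not any poster's code: it applies the first-initial-plus-surname rule, skips blank names, and reports a status per user so that accounts mapping to the same new name are held back before anything is written. `Get-RenamePlan`, its status strings and the sample objects are hypothetical and constructed for illustration; the suffix and OU path are the placeholders used above.

```powershell
# Added example: plan the rename offline before any Set-ADUser call.
function Get-RenamePlan {
    param(
        [Parameter(Mandatory)] [object[]] $Users,
        [string] $UpnSuffix = 'mydomain.com'
    )
    $plan = foreach ($u in $Users) {
        $sam = $null
        $status = 'Rename'
        if ([string]::IsNullOrWhiteSpace($u.GivenName) -or
            [string]::IsNullOrWhiteSpace($u.Surname)) {
            $status = 'Skip: blank GivenName or Surname'
        } else {
            $sam = ($u.GivenName.Trim().Substring(0, 1) + $u.Surname.Trim()).ToLower()
            # sAMAccountName on user objects is limited to 20 characters
            if ($sam.Length -gt 20) { $status = 'Skip: longer than 20 characters' }
        }
        [pscustomobject]@{ Current = $u.SamAccountName; NewSam = $sam; NewUpn = $null; Status = $status }
    }
    # Bob Marley and Bill Marley both map to bmarley: hold back every member
    # of such a group instead of letting the first write win.
    $plan | Where-Object Status -eq 'Rename' | Group-Object NewSam |
        Where-Object Count -gt 1 |
        ForEach-Object { foreach ($p in $_.Group) { $p.Status = 'Skip: duplicate planned name' } }
    foreach ($p in $plan) {
        if ($p.Status -eq 'Rename') { $p.NewUpn = '{0}@{1}' -f $p.NewSam, $UpnSuffix }
    }
    $plan
}

# Constructed sample objects standing in for Get-ADUser output
$sample = @(
    [pscustomobject]@{ SamAccountName = 'bob.marley';  GivenName = 'Bob';  Surname = 'Marley' }
    [pscustomobject]@{ SamAccountName = 'bill.marley'; GivenName = 'Bill'; Surname = 'Marley' }
    [pscustomobject]@{ SamAccountName = 'svc-backup';  GivenName = $null;  Surname = 'Backup' }
    [pscustomobject]@{ SamAccountName = 'jane.doe';    GivenName = 'Jane'; Surname = 'Doe' }
)
Get-RenamePlan -Users $sample | Format-Table -AutoSize

# Against a real domain (ActiveDirectory module, OU path as in the thread):
# $users = Get-ADUser -Filter * -SearchBase 'OU=Users,DC=my,DC=domain'
# Get-RenamePlan -Users $users | Where-Object Status -eq 'Rename' | ForEach-Object {
#     Set-ADUser -Identity $_.Current -SamAccountName $_.NewSam `
#         -UserPrincipalName $_.NewUpn -WhatIf
# }
```

The plan only compares names within the set passed in, so an existing account outside that set that already holds the same name is not detected here.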