We help IT Professionals succeed at work.

Powershell Script to change the SamAcountName and UPN for AD users

antmax00
antmax00 asked
on
11,146 Views
Last Modified: 2012-08-07
I'm looking for a powershell script to change the samAccountname and UPN for all AD users.

I would like the samAccountname to be changed to use the first character of the givenName and the full surName.
 e.g.  : Bob Marley <to> bmarley  

The UPN needs to also be changed to the first character of the givenName and the full surName  using my existing upn suffix
  e.g. : bmarley@mydomain.com
Comment
Watch Question

CERTIFIED EXPERT

Commented:
Hi.

Test this script first. After you satisfied whit result simply remove "-WhatIf" at the end of "Set-ADUser" line and script will change this for all users in domain.
Import-Module ActiveDirectory
$ADUsers = Get-ADUser -Filter *
foreach ($ADUser in $ADUsers) {
	$GivenName = $ADUser.GivenName
	$SurName = $ADUser.Surname
	
	$newSAM = $GivenName.Substring(0,1).ToLower() + $SurName.ToLower()
	$newUPN = $newSAM + "@mydomain.com"

	Set-ADUser $ADUser -SamAccountName $newSAM -UserPrincipalName $newUPN -WhatIf
}

Open in new window

Author

Commented:
Thanks for the quick response. I'm in the midst of testing it out.

Is it possible to have the script skip an Ad user object if either the surName or GivenName is blank/null?  also indicate which AD users were successfully modified?
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Neil RussellTechnical Development Lead
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
CERTIFIED EXPERT

Commented:
Is it possible to have the script skip an Ad user object if either the surName or GivenName is blank/null?
Neil RussellTechnical Development Lead

Commented:
Yes but you have used the -ne NOT EQUAL to null.

So in your original code.....

if we use Givenname = John and Surname = $null.

(($GivenName -ne $null) -or ($SurName -ne $null))

(("john" -ne $null) -or ($null -ne $null))

(($true ) -or ($false))

($true)

Will evaluate to TRUE and therefore the code WILL be executed.

Mine will evaluate as FALSE and the code will be skipped.
Neil RussellTechnical Development Lead

Commented:
So please read both the question AND your answer and evaluate the logic before
Using big bold quotes to contradict somebody please.
CERTIFIED EXPERT

Commented:
True.

My fault. Sorry if I've upset you.
Neil RussellTechnical Development Lead

Commented:
No problem, not upset at all, just dont like to see posts that will mislead the questioner.

Have a good rest of the day :D

Author

Commented:
thank you both, much appreciated.

the script works with the adjustment(-and) !

Can this script also be adjusted to target a specific OU?
CERTIFIED EXPERT

Commented:
Sure can be. Change:
ADUsers = Get-ADUser -Filter *

Open in new window

to:
ADUsers = Get-ADUser -Filter * -SearchBase "OU=Users,DC=my,DC=domain"

Open in new window

Author

Commented:
Can the "($SurName -ne $null)" in the if statement be adjused to skip Ad user objects that have less than 6 characters in the surname?
CERTIFIED EXPERT

Commented:
Sure:
if (($GivenName -ne $null) -and ($SurName -ne $null) -and ($SurName.Length -gt 6))

Open in new window

Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.