Changing AD Account Names

Our domain includes a lot of users who have account names with spaces, e.g. 'Fred Bloggs'.

We need to change this format so that is complies with standards which exclude the use of spaces.

When we change the user account name, will this create a brand new profile on the computer and as such all program configurations will need to be re-configured? I'm also thinking that it would break ActiveSync and roaming profiles would also need to be updated?
HypervizorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SandeshdubeySenior Server EngineerCommented:
Changing the user name will not cause new profile load or break exchange.The user sid will be same and wont have to migrate profile and also they wont lose permission to any resources.

Some things you will want to double check
 1) logon script
 2) user home folder
 3) User profile path
0
Cliff GaliherCommented:
None of the above.

The roaming profile path is specified as an Active Directory property, and is unrelated to username.

For example, my username could be cliff.galiher, and my profile path could be
\\somecomputer\share\profiles\cgaliher

Changing my username would not change my profile path, nor my SID, so logging in will still pull the profile from the path specified and load as expected.

ActiveSync associates with an account based on primary SMTP address, and that already should be without spaces (as SMTP has never allowed this), and would continue to work. Exchange objects are secured by SID as well, so syncing would continue.

If you change the primary SMTP address then you may need to reconfigure the device and initiate a new sync, but no other changes should be required.

-Cliff
0
SandeshdubeySenior Server EngineerCommented:
The above is applicable if the user logon name is also changed.If only the display name is changed then it should not be an issue.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

HypervizorAuthor Commented:
If I change the account name used for logging on e.g. Fred Bloggs to Fred.Bloggs won't this create a new profile on the workstation as its interpreted as a new account there?
0
HypervizorAuthor Commented:
Or are you saying that when an account is created and you have a SID defined, regardless if what you change from that point onwards, e.g. Display name, account login name etc then the SID remains constant and even on the persons PC when using a new login name, no new profile is created?

I'm sure I tried this with a test account previously and when changing FredB to Fred.bloggs the users PC created a new profile alongside FredB?
0
Cliff GaliherCommented:
No it will not. To understand why, you have to understand the process:

1) A user account has an SID. This does *not* change when an account is renamed.

2) When you log into a computer (assuming roaming profiles are not used), the logon process looks for your account settings in the local user registry hive and loads them into the "current user" hive (HKCU). This search is based on SID.

3) One of the registry settings is the profile path. So the logon process then proceeds to load the profile at the path specified.

So...if this is a first logon, the logon process creates a new registry subtree based on the SID and then creates a new profile directory. It then sets the profile path in the registry to this new directory.

So what happens when you rename an account? The search is by SID, so the same registry stuff gets loaded, including the OLD path, and the profile still loads just fine. No problems.

Now if you start trying to rename directories and messing with ACLs, sure you can break things. But since Windows was designed to work of SIDs, not account names internally, you can do a lot of things without breaking how the system finds data.

Hope that better explains why a rename won't break a local profile.

-Cliff
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
TheonWCommented:
First how did you create a user name with a space? What version of windows? you can create a display name with a space but Windows AD should allow spaces in the user name.
0
SandeshdubeySenior Server EngineerCommented:
As suggested earlier it will not load new profile If  you change the account name used for logging on e.g. Fred Bloggs to Fred.Bloggs. You need to cross check  below parameter as same needs to be taken care.
 1) logon script
 2) user home folder
 3) User profile path (roaming/folder redirection).etc.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.