Solved

Changing Active Directory Accounts

Posted on 2014-01-10
12
485 Views
Last Modified: 2014-02-09
Changing Active Directory Accounts

In our environment we use employee ID as user logon account example: 199200,199201,etc...

We are planning to switch to first initial last name example Mjohns

so if Michael Johns now logs in with 199200 and rename his account to Mjohns, would that have impacts on his logon or on the applications, or the changes will be synched through AD, and everything will be fine ?

Any help will be very much appreciated.

Thank you
0
Comment
Question by:jskfan
  • 3
  • 2
  • 2
  • +4
12 Comments
 
LVL 2

Assisted Solution

by:ScottRockstad
ScottRockstad earned 125 total points
ID: 39772721
At the very least, I believe that it is likely to create a new user profile on the client computer(s). But you should test that in order to confirm or disprove. If a new user profile is created, of course MJohns will lose all of his user profile customizations from the 199200 profile. And, he will not be able to access the 199200 profile unless he is a local admin.

Test. Test. Test!
0
 
LVL 9

Assisted Solution

by:rawinnlnx9
rawinnlnx9 earned 63 total points
ID: 39772731
0
 
LVL 7

Assisted Solution

by:dsnegi_25dec
dsnegi_25dec earned 63 total points
ID: 39772825
Changing user logon name should not have any impact. It will not change permissions, membership of user ( because user's SID remains unchanged).

But some application can depend on user's former name, so checking one before making changes to bulk users.


1) The users will have to log in with the new name and should be informed.
3) Again, environment-specific, but you also have to be mindful of any third-party apps that authenticate against AD. Some will behave fine; others will not.

Again go for test before doing any changes
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 124 total points
ID: 39772879
If you have Exchange in your environment make sure that you do not have email address policies based on the user account name. If you do you might want to make changes to Exchange accordingly.

Also just to add nothing should change from a windows experience. Profiles etc should remain the same due to SID as mentioned. As for custom apps make sure that they are not tied to the current username password setup you currently have.

You may also want to test with net new accounts first to see how new account react and then test with pre-existing accounts then make the change when you feel comfortable.

Will.
0
 
LVL 2

Assisted Solution

by:ScottRockstad
ScottRockstad earned 125 total points
ID: 39772890
It seems to be the consensus that there will not be any user profile changes on the client computer(s). And the fact that the SID will not change makes sense. While I did state, "you should test that in order to confirm or disprove", I just wasn't sure of the impact of the name changes. I stand corrected, and it appears that you're in good hands. Cheers.
0
 

Author Comment

by:jskfan
ID: 39774669
I am not sure if the user profile will change or not…
because if a user has an existing profile as 999111 which is his windows AD login account,
then if I rename 999111 to Jsmith, I wonder if it will create a new profile or it will overwrite the existing one ?


I also have on each AD user account /under Proile tab, the home folder that is set up to :
\\servername\share\999111
I believe I will have to rename their existing home folders then change the profile path to:
\\servername\share\jsmith
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 124 total points
ID: 39774684
I have done a few tests in my lab and when you change the users sAMAccountName or UPN to a different name the Profile on the workstation "stays" the same. Upon first login (after login have been changed) it appears to create a new profile but it is only rewriting some registry values to update the existing one, so the user uses the same profile.

As for the Network Drives mapped from AD they will remain the same and they will not reflect the new account name, unless you are using the %username% variable. If you create new users and your template is using the %username% variable it will give you the new naming convention.

If you want to match the new names to the old home drives you will have to manully do this or script it.

Will.
0
 

Author Comment

by:jskfan
ID: 39790761
Are you saying the existing user profile (folder)name 999111 will be overwritten by Mjhons when he logs on ?

for home folder, in AD profile tab, the home folder is path is \\server\sharename\999111
though we could have set it up to \\server\sharename\%username%
well it is too late….Now that we will manually go back to each user in AD and change it, for instance:
\\server\sharename\Mjohns.
in this case , will the exiting folder 999111 be overwritten and will become Mjohns or it will create new one ?
0
 
LVL 42

Assisted Solution

by:kevinhsieh
kevinhsieh earned 62 total points
ID: 39845029
The user home folder will stay the dame because that gets expanded from %username % to the actual username at the time and that value gets stored in AD as party of the path. If you have any scripts that rely on %username% or assume that the user profile is in c:\users\%username% will break. If you use redirected folders, I don't know if they will keep the old path or try to move everything to a new network path with the updated %username%.
0
 
LVL 35

Accepted Solution

by:
Mahesh earned 63 total points
ID: 39845030
The user profiles works on user SID
Even if you change user SamAccountName \ login info, SID will never change
In case of home folders also it should check that mentioned folder as home folder, does user have full rights or not and obviously it finds that user (SID) has full permissions on home folder and continue to map that.
This SID is registered in client computer registry under ProfileList registry key.

However in contrast if you change home drive path to some thing like
\\server1\home\%username% to match changed loginname (i.e. Prewindows 2000 name), then it might ignore old home drive and create new one as \\server1\home\%username% resolves to new name which is not stored in registry on client computer with user SID

I request \ suggest you to test this with test account in order to confirmation

Mahesh
0
 

Author Closing Comment

by:jskfan
ID: 39845354
Thank you Guys
0

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This video discusses moving either the default database or any database to a new volume.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now