Solved

Changing Active Directory Accounts

Posted on 2014-01-10
Last Modified: 2014-02-09

In our environment we use the employee ID as the user logon account, for example: 199200, 199201, etc.

We are planning to switch to first initial plus last name, for example Mjohns.

So if Michael Johns now logs in with 199200 and we rename his account to Mjohns, would that have an impact on his logon or on the applications, or will the changes be synced through AD and everything will be fine?

Any help will be very much appreciated.

Thank you
Question by:jskfan
 
LVL 2

Assisted Solution

by:ScottRockstad
ScottRockstad earned 125 total points
ID: 39772721
At the very least, I believe that it is likely to create a new user profile on the client computer(s). But you should test that in order to confirm or disprove. If a new user profile is created, of course MJohns will lose all of his user profile customizations from the 199200 profile. And, he will not be able to access the 199200 profile unless he is a local admin.

Test. Test. Test!
0
 
LVL 9

Assisted Solution

by:rawinnlnx9
rawinnlnx9 earned 63 total points
ID: 39772731
0
 
LVL 7

Assisted Solution

by:dsnegi_25dec
dsnegi_25dec earned 63 total points
ID: 39772825
Changing the user logon name should not have any impact. It will not change the user's permissions or group membership (because the user's SID remains unchanged).

But some applications can depend on the user's former name, so check one before making changes to users in bulk.


1) The users will have to log in with the new name and should be informed.
3) Again, environment-specific, but you also have to be mindful of any third-party apps that authenticate against AD. Some will behave fine; others will not.

Again, go for a test before making any changes.
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 124 total points
ID: 39772879
If you have Exchange in your environment, make sure that you do not have email address policies based on the user account name. If you do, you might want to make changes to Exchange accordingly.

Also, just to add, nothing should change from a Windows experience. Profiles etc. should remain the same due to the SID, as mentioned. As for custom apps, make sure that they are not tied to the current username/password setup you have.

You may also want to test with net new accounts first to see how new accounts react, then test with pre-existing accounts, and then make the change when you feel comfortable.

Will.
0
 
LVL 2

Assisted Solution

by:ScottRockstad
ScottRockstad earned 125 total points
ID: 39772890
It seems to be the consensus that there will not be any user profile changes on the client computer(s). And the fact that the SID will not change makes sense. While I did state, "you should test that in order to confirm or disprove", I just wasn't sure of the impact of the name changes. I stand corrected, and it appears that you're in good hands. Cheers.
0
 

Author Comment

by:jskfan
ID: 39774669
I am not sure if the user profile will change or not,
because if a user has an existing profile as 999111, which is his Windows AD login account,
then if I rename 999111 to Jsmith, I wonder if it will create a new profile or overwrite the existing one?


I also have, on each AD user account under the Profile tab, the home folder set to:
\\servername\share\999111
I believe I will have to rename their existing home folders, then change the profile path to:
\\servername\share\jsmith
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 124 total points
ID: 39774684
I have done a few tests in my lab, and when you change the user's sAMAccountName or UPN to a different name, the profile on the workstation "stays" the same. Upon first login (after the login has been changed) it appears to create a new profile, but it is only rewriting some registry values to update the existing one, so the user uses the same profile.

As for the network drives mapped from AD, they will remain the same and will not reflect the new account name unless you are using the %username% variable. If you create new users and your template is using the %username% variable, it will give you the new naming convention.

If you want to match the new names to the old home drives, you will have to do this manually or script it.

Will.
0
 

Author Comment

by:jskfan
ID: 39790761
Are you saying the existing user profile (folder) name 999111 will be overwritten by Mjohns when he logs on?

For the home folder, in the AD Profile tab, the home folder path is \\server\sharename\999111,
though we could have set it up as \\server\sharename\%username%.
Well, it is too late. Now we will manually go back to each user in AD and change it, for instance to:
\\server\sharename\Mjohns.
In this case, will the existing folder 999111 be overwritten and become Mjohns, or will it create a new one?
0
 
LVL 42

Assisted Solution

by:kevinhsieh
kevinhsieh earned 62 total points
ID: 39845029
The user home folder will stay the same because that gets expanded from %username% to the actual username at the time, and that value gets stored in AD as part of the path. If you have any scripts that rely on %username% or assume that the user profile is in c:\users\%username%, they will break. If you use redirected folders, I don't know if they will keep the old path or try to move everything to a new network path with the updated %username%.
0
 
LVL 36

Accepted Solution

by:
Mahesh earned 63 total points
ID: 39845030
User profiles work on the user SID.
Even if you change the user's SamAccountName \ login info, the SID will never change.
In the case of home folders, it should also check whether the user has full rights on the folder set as the home folder; obviously it finds that the user (SID) has full permissions on the home folder and continues to map it.
This SID is registered in the client computer's registry under the ProfileList registry key.

However, in contrast, if you change the home drive path to something like
\\server1\home\%username% to match the changed login name (i.e. the pre-Windows 2000 name), then it might ignore the old home drive and create a new one, as \\server1\home\%username% resolves to the new name, which is not stored in the registry on the client computer with the user SID.

I request \ suggest that you test this with a test account in order to confirm.

Mahesh
0
 

Author Closing Comment

by:jskfan
ID: 39845354
Thank you Guys
0
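
The answers above say the rename keeps the SID and that matching home folders to the new names has to be done manually or scripted. One way to script it, as an added example that is not code from any poster in this thread: the CSV file, its column names and the UPN suffix are hypothetical, and the script defaults to a dry run.

```powershell
# Added example, not from the thread. Requires the ActiveDirectory module (RSAT).
# Hypothetical: rename-map.csv (columns OldName,NewName) and the UPN suffix.
Import-Module ActiveDirectory

$DryRun    = $true                  # switch to $false only after testing on a test account
$UpnSuffix = 'corp.example.com'     # hypothetical UPN suffix
$HomeRoot  = '\\servername\share'   # home folder share as written in the thread
$Map       = Import-Csv -Path '.\rename-map.csv'

$results = foreach ($row in $Map) {
    $user = Get-ADUser -Identity $row.OldName -Properties HomeDirectory
    $sid  = $user.SID.Value         # stable identifier; it survives the rename

    $oldHome = Join-Path $HomeRoot $row.OldName
    $newHome = Join-Path $HomeRoot $row.NewName

    # Preconditions: target logon name is free, old folder exists, new one does not.
    if (Get-ADUser -Filter "SamAccountName -eq '$($row.NewName)'") {
        Write-Warning "$($row.NewName) is already in use; skipping $($row.OldName)"
        continue
    }
    if (-not (Test-Path $oldHome) -or (Test-Path $newHome)) {
        Write-Warning "Home folder check failed for $($row.OldName); skipping"
        continue
    }

    # 1) Change the logon names only. SID, group membership and ACLs are untouched.
    Set-ADUser -Identity $sid -SamAccountName $row.NewName `
        -UserPrincipalName "$($row.NewName)@$UpnSuffix" -WhatIf:$DryRun

    # 2) Rename the existing folder in place so no new, empty folder is created.
    #    The folder ACL references the SID, so the user's rights carry over.
    Rename-Item -Path $oldHome -NewName $row.NewName -ErrorAction Stop -WhatIf:$DryRun

    # 3) Point the Profile tab's home folder at the renamed path.
    Set-ADUser -Identity $sid -HomeDirectory $newHome -WhatIf:$DryRun

    # 4) Re-read by SID and record the result for review.
    $after = Get-ADUser -Identity $sid -Properties HomeDirectory
    [pscustomobject]@{
        OldName       = $row.OldName
        NewName       = $after.SamAccountName
        SidUnchanged  = ($after.SID.Value -eq $sid)
        HomeDirectory = $after.HomeDirectory
    }
}
$results | Format-Table -AutoSize
```

Run it while the affected users are logged off, since a home folder with open files cannot be renamed. In dry-run mode the table still shows the old names because nothing has been written.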
