Changing Active Directory Accounts

Posted on 2014-01-10
Last Modified: 2014-02-09

In our environment we use the employee ID as the user logon account, for example: 199200, 199201, etc.

We are planning to switch to first initial plus last name, for example Mjohns.

So if Michael Johns now logs in with 199200 and we rename his account to Mjohns, would that have an impact on his logon or on the applications, or will the changes be synced through AD and everything will be fine?

Any help will be very much appreciated.

Thank you
Question by:jskfan
Assisted Solution

ScottRockstad earned 125 total points
ID: 39772721
At the very least, I believe that it is likely to create a new user profile on the client computer(s). But you should test that in order to confirm or disprove. If a new user profile is created, of course MJohns will lose all of his user profile customizations from the 199200 profile. And, he will not be able to access the 199200 profile unless he is a local admin.

Test. Test. Test!

Assisted Solution

rawinnlnx9 earned 63 total points
ID: 39772731

Assisted Solution

dsnegi_25dec earned 63 total points
ID: 39772825
Changing the user logon name should not have any impact. It will not change permissions or group membership of the user (because the user's SID remains unchanged).

But some applications can depend on the user's former name, so check one before making changes to users in bulk.

1) The users will have to log in with the new name and should be informed.
3) Again, environment-specific, but you also have to be mindful of any third-party apps that authenticate against AD. Some will behave fine; others will not.

Again, test before making any changes.
Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 124 total points
ID: 39772879
If you have Exchange in your environment, make sure that you do not have email address policies based on the user account name. If you do, you might want to make changes to Exchange accordingly.

Also, just to add, nothing should change from a Windows experience. Profiles etc. should remain the same due to the SID, as mentioned. As for custom apps, make sure that they are not tied to the current username/password setup you currently have.

You may also want to test with net new accounts first to see how new accounts react, then test with pre-existing accounts, and then make the change when you feel comfortable.


Assisted Solution

ScottRockstad earned 125 total points
ID: 39772890
It seems to be the consensus that there will not be any user profile changes on the client computer(s). And the fact that the SID will not change makes sense. While I did state, "you should test that in order to confirm or disprove", I just wasn't sure of the impact of the name changes. I stand corrected, and it appears that you're in good hands. Cheers.

Author Comment

ID: 39774669
I am not sure if the user profile will change or not…
because if a user has an existing profile as 999111, which is his Windows AD login account,
then if I rename 999111 to Jsmith, I wonder if it will create a new profile or overwrite the existing one?

I also have, on each AD user account under the Profile tab, the home folder that is set up to:
I believe I will have to rename their existing home folders, then change the profile path to:

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 124 total points
ID: 39774684
I have done a few tests in my lab, and when you change the user's sAMAccountName or UPN to a different name, the profile on the workstation "stays" the same. Upon first login (after the login has been changed) it appears to create a new profile, but it is only rewriting some registry values to update the existing one, so the user uses the same profile.

As for the network drives mapped from AD, they will remain the same and they will not reflect the new account name, unless you are using the %username% variable. If you create new users and your template is using the %username% variable, it will give you the new naming convention.

If you want to match the new names to the old home drives, you will have to do this manually or script it.


Author Comment

ID: 39790761
Are you saying the existing user profile (folder) name 999111 will be overwritten by Mjohns when he logs on?

For the home folder, in the AD Profile tab, the home folder path is \\server\sharename\999111
though we could have set it up as \\server\sharename\%username%
Well, it is too late… Now we will manually go back to each user in AD and change it, for instance:
in this case, will the existing folder 999111 be overwritten and become Mjohns, or will it create a new one?

Assisted Solution

kevinhsieh earned 62 total points
ID: 39845029
The user home folder will stay the same because that gets expanded from %username% to the actual username at the time, and that value gets stored in AD as part of the path. If you have any scripts that rely on %username% or assume that the user profile is in c:\users\%username%, they will break. If you use redirected folders, I don't know if they will keep the old path or try to move everything to a new network path with the updated %username%.

Accepted Solution

Mahesh earned 63 total points
ID: 39845030
User profiles work on the user SID.
Even if you change the user's SamAccountName \ login info, the SID will never change.
In the case of home folders, it should also check whether the user has full rights on the folder mentioned as the home folder; obviously it finds that the user (SID) has full permissions on the home folder and continues to map it.
This SID is registered in the client computer's registry under the ProfileList registry key.

However, in contrast, if you change the home drive path to something like
\\server1\home\%username% to match the changed login name (i.e. the pre-Windows 2000 name), then it might ignore the old home drive and create a new one, as \\server1\home\%username% resolves to the new name, which is not stored in the registry on the client computer with the user SID.

I request \ suggest that you test this with a test account in order to confirm.
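
A pilot check for the rename discussed in this thread, as an added example that is not part of any poster's answer: it audits which accounts have the logon name stored literally in their home folder path, renames one test account, and confirms the SID is unchanged. Assumptions: the ActiveDirectory RSAT module is available, `example.com` is a placeholder UPN suffix, and `199200` / `Mjohns` are the sample names from the question used on a test account.

```powershell
# Added example, not from the thread. Run against a TEST account first.
Import-Module ActiveDirectory

$OldSam    = '199200'        # sample employee-ID logon name from the question
$NewSam    = 'Mjohns'        # sample first-initial + last-name logon
$UpnSuffix = 'example.com'   # placeholder, replace with your own suffix
$props     = 'HomeDirectory', 'ProfilePath', 'UserPrincipalName'

# 1. Audit: accounts whose stored home path ends in the current logon name.
#    AD keeps the expanded literal path, so these keep the old folder name.
$literalHomes = Get-ADUser -Filter 'HomeDirectory -like "*"' -Properties HomeDirectory |
    Where-Object { $_.HomeDirectory -like "*\$($_.SamAccountName)" } |
    Select-Object SamAccountName, HomeDirectory
"{0} accounts have the logon name in their home path" -f @($literalHomes).Count

# 2. Pilot rename of one test account, addressed by SID throughout.
$before = Get-ADUser -Identity $OldSam -Properties $props
$sid    = $before.SID.Value
if (Get-ADUser -Filter "SamAccountName -eq '$NewSam'") {
    throw "sAMAccountName '$NewSam' is already in use"
}
Set-ADUser -Identity $sid -SamAccountName $NewSam `
           -UserPrincipalName "$NewSam@$UpnSuffix"
$after = Get-ADUser -Identity $sid -Properties $props

# 3. Report: same SID means ACLs and group membership still apply.
[pscustomobject]@{
    SidUnchanged     = ($sid -eq $after.SID.Value)
    OldLogon         = $before.SamAccountName
    NewLogon         = $after.SamAccountName
    HomeDirectory    = $after.HomeDirectory
    HomeStillOldName = ($after.HomeDirectory -like "*\$OldSam")
    ProfilePath      = $after.ProfilePath
}

# 4. On the user's workstation: the local profile is keyed by SID under
#    ProfileList, so the folder path shown here should not change.
$key = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$sid"
if (Test-Path $key) {
    (Get-ItemProperty -Path $key).ProfileImagePath
}
```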


Author Closing Comment

ID: 39845354
Thank you Guys
