Changing Active Directory Accounts


In our environment we use the employee ID as the user logon account, for example: 199200, 199201, etc.

We are planning to switch to first initial plus last name, for example Mjohns.

So if Michael Johns now logs in with 199200 and we rename his account to Mjohns, would that have an impact on his logon or on the applications, or will the changes be synced through AD and everything will be fine?

Any help will be very much appreciated.

Thank you

At the very least, I believe that it is likely to create a new user profile on the client computer(s). But you should test that in order to confirm or disprove. If a new user profile is created, of course MJohns will lose all of his user profile customizations from the 199200 profile. And, he will not be able to access the 199200 profile unless he is a local admin.

Test. Test. Test!
Changing the user logon name should not have any impact. It will not change the permissions or group membership of the user (because the user's SID remains unchanged).

But some applications can depend on the user's former name, so check one before making changes to bulk users.

1) The users will have to log in with the new name and should be informed.
3) Again, environment-specific, but you also have to be mindful of any third-party apps that authenticate against AD. Some will behave fine; others will not.

Again, go for a test before making any changes.

Will Szymkowski, Senior Solution Architect, commented:
If you have Exchange in your environment, make sure that you do not have email address policies based on the user account name. If you do, you might want to make changes to Exchange accordingly.

Also, just to add, nothing should change from a Windows experience. Profiles etc. should remain the same due to the SID, as mentioned. As for custom apps, make sure that they are not tied to the current username/password setup you currently have.

You may also want to test with net new accounts first to see how new accounts react, then test with pre-existing accounts, and then make the change when you feel comfortable.

It seems to be the consensus that there will not be any user profile changes on the client computer(s). And the fact that the SID will not change makes sense. While I did state, "you should test that in order to confirm or disprove", I just wasn't sure of the impact of the name changes. I stand corrected, and it appears that you're in good hands. Cheers.
jskfan (Author) commented:
I am not sure if the user profile will change or not…
because if a user has an existing profile as 999111, which is his Windows AD login account,
then if I rename 999111 to Jsmith, I wonder if it will create a new profile or overwrite the existing one?

I also have on each AD user account, under the Profile tab, the home folder that is set up to:
I believe I will have to rename their existing home folders, then change the profile path to:
Will Szymkowski, Senior Solution Architect, commented:
I have done a few tests in my lab, and when you change the user's sAMAccountName or UPN to a different name, the profile on the workstation "stays" the same. Upon first login (after the login has been changed) it appears to create a new profile, but it is only rewriting some registry values to update the existing one, so the user uses the same profile.

As for the network drives mapped from AD, they will remain the same and will not reflect the new account name, unless you are using the %username% variable. If you create new users and your template is using the %username% variable, it will give you the new naming convention.

If you want to match the new names to the old home drives, you will have to do this manually or script it.

jskfan (Author) commented:
Are you saying the existing user profile (folder) name 999111 will be overwritten by Mjohns when he logs on?

For the home folder, in the AD Profile tab, the home folder path is \\server\sharename\999111
though we could have set it up as \\server\sharename\%username%
Well, it is too late… Now we will manually go back to each user in AD and change it, for instance:
In this case, will the existing folder 999111 be overwritten and become Mjohns, or will it create a new one?
The user home folder will stay the same because that gets expanded from %username% to the actual username at the time, and that value gets stored in AD as part of the path. If you have any scripts that rely on %username% or assume that the user profile is in c:\users\%username%, they will break. If you use redirected folders, I don't know if they will keep the old path or try to move everything to a new network path with the updated %username%.
The user profile works on the user's SID.
Even if you change the user's SamAccountName / login info, the SID will never change.
In the case of home folders, it should also check whether the user has full rights on the folder set as the home folder; it finds that the user (SID) has full permissions on the home folder and continues to map it.
This SID is registered in the client computer's registry under the ProfileList registry key.

However, in contrast, if you change the home drive path to something like
\\server1\home\%username% to match the changed login name (i.e. the pre-Windows 2000 name), then it might ignore the old home drive and create a new one, as \\server1\home\%username% resolves to the new name, which is not stored in the registry on the client computer with the user's SID.

I request / suggest you test this with a test account in order to confirm.
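
A pre-rename check for the points raised in the answers above, as an added example that is not part of the original thread: the SID is carried through unchanged, each stored home folder path is compared against the old logon name, and clashing new names are flagged. The function name `Get-RenamePlan`, the SIDs and the second `Mjohns` mapping are constructed for illustration; the logon names and share path follow the ones used in the thread.

```powershell
# Added example, not from the thread. Input mimics Get-ADUser output; the SIDs
# are constructed placeholders. Real input would come from:
#   Get-ADUser -Filter * -Properties HomeDirectory
function Get-RenamePlan {
    param(
        [Parameter(Mandatory)] [object[]]  $Users,
        [Parameter(Mandatory)] [hashtable] $NewNameMap  # old logon name -> new one
    )
    # sAMAccountName must be unique in the domain: flag new names requested
    # twice, or already held by another account.
    $dupes = $NewNameMap.Values | Group-Object | Where-Object Count -gt 1 |
        ForEach-Object Name
    $existing = $Users | ForEach-Object SamAccountName
    foreach ($u in $Users) {
        $old = $u.SamAccountName
        if (-not $NewNameMap.ContainsKey($old)) { continue }
        $new  = $NewNameMap[$old]
        $path = if ($u.HomeDirectory) { $u.HomeDirectory.TrimEnd('\') } else { $null }
        $leaf = if ($path) { ($path -split '\\')[-1] } else { $null }
        # The path is stored literally, so it keeps working after the rename;
        # a new path is proposed only where the folder is named after the old logon.
        $proposed = if ($leaf -eq $old) {
            $path.Substring(0, $path.LastIndexOf('\') + 1) + $new
        } else { $path }
        [pscustomobject]@{
            SID             = $u.SID        # identical before and after the rename
            OldName         = $old
            NewName         = $new
            NameCollision   = ($new -in $dupes) -or ($new -in $existing)
            HomeDirectory   = $path
            ProposedHomeDir = $proposed
        }
    }
}

$sample = @(   # constructed records
    [pscustomobject]@{ SamAccountName = '199200'; SID = 'S-1-5-21-EXAMPLE-1105'
                       HomeDirectory = '\\server\sharename\199200' }
    [pscustomobject]@{ SamAccountName = '199201'; SID = 'S-1-5-21-EXAMPLE-1106'
                       HomeDirectory = '\\server\sharename\shared' }
    [pscustomobject]@{ SamAccountName = '999111'; SID = 'S-1-5-21-EXAMPLE-1107'
                       HomeDirectory = '\\server\sharename\999111' }
)
$map = @{ '199200' = 'Mjohns'; '199201' = 'Mjohns'; '999111' = 'Jsmith' }
Get-RenamePlan -Users $sample -NewNameMap $map | Format-List
```

A proposed path only resolves once the folder on the file server has been renamed to match, so resolve any `NameCollision` rows and rename folders before writing new values with `Set-ADUser`.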


jskfan (Author) commented:
Thank you, guys.