Change user's AD account properties // concerns with Yosemite

We have a Yosemite machine where the primary user has recently married and is requesting us to change her name in all of our systems.  Given the quasi-delicate relationship between Apple and Active Directory I am hesitant to just start changing / updating her information in AD and corrupting her profile on her Apple.

The machine is joined to AD, the user logs into her AD account and everything is working fine.

FirstName, Last Name, Display Name -- I would think these AD fields can be changed without any impacts to her computer.  Possibly I need to manually change these in the native Mail.app on her machine but that is OK.

I assume I can also change her primary Exchange alias.

User Logon Name (UPN) and pre-Windows 2000 logon name -- I'm hesitant here --- if this were a windows user I would change them no problem and things end up being fine since the SID does not change; but can I do that with Apple?  On cursory inspection only, it looks like Apple is going more off of user name than the unique identifier so I'm thinking changing these would be problematic.  Is this a correct assumption?

--Mark
LappiMAAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

serialbandCommented:
Apple should only be using the SID.  You can make changes to everything else to the Directory Server entries.

If you don't want to deal with the tedium of manually tweaking all the directory server entries, you may be able to just rejoin the domain with the new account and just copy all the user settings from the old account to the new account and just change the ownership of the files and folders with chown -R ~account_name to recursively change the ownership of all the folders.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
LappiMAAuthor Commented:
Would you please explain the context of this portion of your comment:
the tedium of manually tweaking all the directory server entries, you may be able to just rejoin the domain with the new accoun

The user in question doesn't have privileges at the directory level to join the domain; not sure why if I change her network account I would need to rebind the machine; although the copy all settings and reassign permissions does make sense but is what I'm trying to avoid.  I just don't get what you mean about redoing the binding if you could clarify that please.

--Mark
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Apple OS

From novice to tech pro — start learning today.