Recipe 6.6 Renaming a User

6.6.1 Problem

You want to rename a user.

6.6.2 Solution Using a graphical user interface
  1. Open the Active Directory Users and Computers snap-in.

  2. In the left pane, right-click on the domain and select Find.

  3. Type the name of the user and click Find Now.

  4. In the Search Results, right-click on the user and select Rename.

  5. You can modify the Full Name, Last Name, First Name, Display Name, User Principal Name (logon name), and SAM Account Name (pre-Windows 2000).

  6. Click OK after you are done. Using a command-line interface

The following command will rename the RDN of the user:

> dsmove "<UserDN>" -newname "<NewUserName>"

You can modify the UPN (-upn), First Name (-fn), Last Name (-ln), and Display Name (-display) using the dsmod user command. For example, the following command would change the user's UPN and last name:

> dsmod user "<UserDN>" -upn "<NewUserUPN>" -ln "<NewUserLastName>" Using VBScript
' This code renames the RDN of a user and the sAMAccountName attribute.
strParentDN    = "<ParentDN>"    ' e.g. cn=Users,dc=rallencorp,dc=com
strUserOldName = "<OldUserName>" ' e.g. jsmith
strUserNewName = "<NewUserName>" ' e.g. jim
' ------ END CONFIGURATION ---------

set objCont = GetObject("LDAP://" & strParentDN)
objCont.MoveHere "LDAP://cn=" & strUserOldName & "," & strParentDN, _
                 "cn=" & strUserNewName
set objUser = GetObject("LDAP://cn=" & strUserNewName & "," & strParentDN)
objUser.Put "sAMAccountName", strUserNewName
WScript.Echo "Rename successful"

6.6.3 Discussion

Renaming a user object can have a couple different meanings in Active Directory. In the generic object sense, renaming an object consists of changing the RDN for the object to something else, such as if cn=jsmith became cn=joe. Typically, you need to rename more than that with users. For example, let's say you had a username naming convention of FirstInitialLastName so Joe Smith's username would be jsmith. Let's pretend that Joe decides one day that Smith is way too common and he wants to be more unique by changing his last name to Einstein. Now his username should be jeinstein. The following attributes would need to change to complete a rename of his object:

  • His RDN should change from cn=jsmith to cn=jeinstein.

  • His sAMAccountName should change to jeinstein.

  • His userPrincipalName (UPN) should change to

  • His mail (email address) attribute should change to

  • His sn (last name) attribute should change to Einstein.

While this example may be contrived, it shows that renaming Joe Smith to Joe Einstein can take up to five attribute changes in Active Directory. It is also important to note that if you change any of the first three in the bulleted list (RDN, UPN, or SAM Account Name), you should have the user log off and log back on after the changes have replicated. Since most applications and services rely on user GUID or SID, which doesn't change during a user rename, the person should not be impacted, but you want to have him log off and back on anyway just in case.

6.6.4 See Also

Recipe 4.19 for renaming objects

    Chapter 3. Domain Controllers, Global Catalogs, and FSMOs
    Chapter 6. Users
    Appendix A. Tool List