This post contains a few methods to rename an account in Active Directory. The end result is moving the account to the same container with a new name, and then typically updating other attributes such as the sAMAccountName.
The same results can generally be achieved several ways:
- Use the 'dsmove -newname' command, and possibly the 'dsmod user -upn' command
- Run the VBScript below
- Use ldifde to modify the relevant attributes
- Use dsa.msc to rename the account through the GUI
Notes:
- This does not modify the mailNickname, the userPrincipalName or the primary or proxy e-mail attributes, which you may also want to do as part of renaming an account.
- The RDN attribute has the LDAP display name of 'Name' and is automatically updated when you modify the CN/DN of an object
' -- RenameAccount.vbs -- '
Option Explicit
Dim sOU, sExistingCN, sNewCN, objOU, sUserADsPath, oUser

' Expect exactly three unnamed arguments: container DN, existing CN, new CN
If WScript.Arguments.UnNamed.Count = 3 Then
    sOU = WScript.Arguments.UnNamed(0)
    sExistingCN = WScript.Arguments.UnNamed(1)
    sNewCN = WScript.Arguments.UnNamed(2)
Else
    WScript.Echo "Please supply an OU, and the old and new CN, eg RenameAccount.vbs ""CN=Users,DC=domain,DC=com"" AccountOld AccountNew"
    WScript.Quit(1)    ' Non-zero exit code so a calling script can detect the usage error
End If

If sExistingCN = "" Or sOU = "" Or sNewCN = "" Then
    WScript.Quit(2)
Else
    WScript.Echo "Moving " & "LDAP://cn=" & sExistingCN & "," & sOU & ", to " & sNewCN
End If

' The DNs are built by plain concatenation, so a CN containing a comma or
' another DN special character must be passed in already escaped
Set objOU = GetObject("LDAP://" & sOU)
objOU.MoveHere "LDAP://cn=" & sExistingCN & "," & sOU, "cn=" & sNewCN    ' Rename the account

sUserADsPath = "LDAP://cn=" & sNewCN & "," & sOU
Set oUser = GetObject(sUserADsPath)                                      ' Get the newly renamed object
WScript.Echo "Current SAM account name: " & oUser.sAMAccountName
oUser.sAMAccountName = sNewCN                                            ' Update the sAMAccountName attribute
oUser.SetInfo                                                            ' Write the object
WScript.Echo "New SAM account name: " & oUser.sAMAccountName
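
The same rename with the ActiveDirectory PowerShell module, as an added example that is not part of the original post. It checks the new name against the sAMAccountName rules before writing, and finds the account by its RDN value inside the container rather than by a concatenated DN. `Rename-AdAccount` and its parameter names are hypothetical, and the RSAT ActiveDirectory module is assumed to be installed.

```powershell
# Added example, not from the original post. Assumes the RSAT ActiveDirectory
# module; Rename-AdAccount and its parameter names are hypothetical.
Import-Module ActiveDirectory

function Rename-AdAccount {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$OU,         # e.g. "CN=Users,DC=domain,DC=com"
        [Parameter(Mandatory)][string]$ExistingCN,
        [Parameter(Mandatory)][string]$NewCN,
        [string]$NewUpn                            # optional: the UPN is a separate attribute
    )

    # The new name is also written to sAMAccountName, so apply that attribute's
    # rules: at most 20 characters for a user, and none of " / \ [ ] : ; | = , + * ? < >
    if ($NewCN.Length -gt 20 -or $NewCN -match '["/\\\[\]:;|=,+*?<>]') {
        throw "'$NewCN' is not usable as a sAMAccountName"
    }

    # Refuse to proceed if another object already holds the target sAMAccountName.
    if (Get-ADObject -Filter 'sAMAccountName -eq $NewCN') {
        throw "sAMAccountName '$NewCN' is already in use"
    }

    # Match on the RDN value ('Name') inside the container instead of concatenating
    # a DN, so special characters in the old CN cannot change which object is hit.
    $user = Get-ADUser -Filter 'Name -eq $ExistingCN' -SearchBase $OU -SearchScope OneLevel
    if (-not $user) { throw "No user named '$ExistingCN' directly under $OU" }
    $id = $user.ObjectGUID                         # stable across the rename

    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, "Rename to '$NewCN'")) {
        Rename-ADObject -Identity $id -NewName $NewCN       # changes CN / Name / DN
        Set-ADUser -Identity $id -SamAccountName $NewCN
        if ($NewUpn) { Set-ADUser -Identity $id -UserPrincipalName $NewUpn }

        # Read back: the names change, the SID (group memberships, ACL entries) does not.
        $after = Get-ADUser -Identity $id
        if ($after.SID.Value -ne $user.SID.Value) { throw 'SID changed unexpectedly' }
        $after | Select-Object DistinguishedName, SamAccountName, UserPrincipalName, SID
    }
}

# Dry run first, then repeat without -WhatIf:
# Rename-AdAccount -OU 'CN=Users,DC=domain,DC=com' -ExistingCN AccountOld -NewCN AccountNew -WhatIf
```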
References:
RDN attribute on MSDN:
http://msdn.microsoft.com/en-us/library/ms678697(VS.85).aspx
Wayne's World of IT (WWoIT), Copyright 2008 Wayne Martin.