Renaming a user account in AD

This post contains a few methods to rename an account in Active Directory - the end result is moving the account to the same container with a new name, and then typically updating other attributes such as the sAMAccountName.

The same results can generally be achieved serveral ways:

1. Use the 'dsmove -newname' command, and possibly the 'dsmod user -upn' command
   
2. Run the VBScript below
   
3. Use ldifde to modify the relevant attributes
   
4. use dsa.msc to rename the account through the GUI

Notes:

1. This does not modify the mailNickname, the userPrincipalName or the primary or proxy e-mail attributes, which you may also want to do as part of renaming an account.
   
2. The RDN attribute has the LDAP display name of 'Name', automatically updated when you modify the CN/DN of an object

' -- RenameAccount.vbs -- '
If WScript.Arguments.UnNamed.Count = 3 Then
 sOU = WScript.Arguments.UnNamed(0)
 sExistingCN = WScript.Arguments.UnNamed(1)
 sNewCN = WScript.Arguments.UnNamed(2)
Else
 WScript.Echo "Please supply an OU, and the old and new CN, eg RenameAccount.vbs ""CN=Users,DC=domain,DC=com"" AccountOld AccountNew"
 WScript.Quit(0)
End If

If sExistingCN = "" OR sOU = "" OR sNewCN = "" Then
 wscript.quit(2)
Else
 wscript.echo "Moving " & "LDAP://cn=" & sExistingCN & "," & sOU & ", to " & sNewCN
End If


Set objOU = GetObject("LDAP://" & sOU)
objOU.MoveHere "LDAP://cn=" & sExistingCN & "," & sOU, "cn=" & sNewCN   ' Rename the account

sUserADsPath = "LDAP://cn=" & sNewCN & "," & sOU
Set oUser = GetObject(sUserADsPath)       ' Get the newly renamed object

wscript.echo "Current SAM account name: " & oUser.sAMAccountName
oUser.sAMAccountName = sNewCN        ' Update the sAMAccountName attribute
oUser.SetInfo          ' Write the object
wscript.echo "New SAM account name: " & oUser.sAMAccountName

-

References: RDN attribute on MSDN: http://msdn.microsoft.com/en-us/library/ms678697(VS.85).aspx
Wayne's World of IT (WWoIT), Copyright 2008 Wayne Martin.