AD Rename Users "Name" to match Display Name

This topic contains 6 replies, has 4 voices, and was last updated by Profile photo of Peter Jurgens Peter Jurgens 2 days, 10 hours ago.

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #54473

    Hi all,

    I'm trying to come up with a script that I can select an OU and rename each user account so the "Name" field matches the Display name. The display name has been changed to format Last, First MI. The name in ADUC is still First Last MI and I understand that's actually the CN and I would have to rename each of those accts. Just not sure the best way to script that out. Any help would be appreciated.

    #54474
    Profile photo of Don Jones
    Don Jones
    Keymaster

    So... do be aware that changing the CN can have some significant impact on authentication. Make very sure this is what you want to do. This can even impact what users have to log on as.

    You would probably start with Get-ADUser, specifying a -SearchBase of your OU. Then, for each user object returned, you can use Set-ADUser to modify the object in whatever way you want.

    But the canonical name is a _big deal_. Again, make very sure you understand the impact and consequences, and how CN relates to samAccountName, and how it's all used by authentication throughout your environment. Anything with a dependency on the old CN will break, badly, and you might not be aware of all the things that have a dependency on the CN.

    #54479

    Right, I'm a little worried about doing this to be honest. A few years ago, someone had renamed all users including their CN to First Last MI and we purchased another company and they are Last, First MI. so now they want all users with the same format as the company that was purchased. I want to do it on a per OU basis and have users do some extensive testing for their applications.

    How would I write the script to get the display name for each user in the OU and rename each with the display name? That's what I'm struggling to figure out.

    #54482
    Profile photo of Don Jones
    Don Jones
    Keymaster

    Well, short of writing the script for you...

    Get-ADUser -filter * searchbase "whatever" -Prop * |
    ForEach-Object {
    # $_ represents the user, $_.DisplayName would be the present DisplayName
    $_ | Set-ADUser -Parameter value -Parameter value
    }

    But you're going to have to reformat the DisplayName, which is a string, into CN format. That's String manipulation. The System.String class has a lot of methods for splitting the string, extracting pieces of it, and so on – but yes, this is the hard part. It'd be easier if you took a whack at it, ran into a problem, and then asked about that problem (on a new thread). It's a bit easier to help when there's a concrete example in front of us, and when you've got a starting point.

    #54486

    Ok, thanks so much

    #54520
    Profile photo of Dan Potter
    Dan Potter
    Participant

    TEST TEST TEST.. Years ago using quest I managed to change 7000 users display names to '$_.displayname' It made talking to people on lync a little difficult. =D

    #54587
    Profile photo of Peter Jurgens
    Peter Jurgens
    Participant

    I will reiterate the D*ns' posts with regard to testing. Most applications that are decently integrated with AD should be OK but I imagine an application that may use the distinguishedname to identify users in AD but it doesn't update the dn if it changes. This is where you'll encounter errors with applications.

    Rename-ADObject however would be more appropriate than Set-ADUser in this case. Don's example should be fine but use Rename-ADObject rather than Set-ADUser. Have a look at the documentation for Rename-ADObject and test before running in production.

Viewing 7 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic.