When users need a username changed, is there a set of places I have to check so that the bases are covered?
I know that AD uses a SID to actually identify users, but in this example we have a user that got married and changed her name. Our usernames are first initial last name (jdoe) and so I need to make sure they can log in with their new usernames.
I'm thinking that in AD the only things I have to change are:
In the General tab: last name, display name, email.
In the Account tab: user logon name, user logon name (pre-Windows 2000).
In the E-mail Addresses tab: add SMTP aliases for the new name. I'm not sure if I could delete the old email addresses from here because I'm not sure how Exchange would act with the mailbox, so maybe I'm better off leaving the old address available as well?
Anything I'm overlooking?
I would also suggest checking the mailbox alias. Exchange Management Shell (if you're on Ex2007 or Ex2010) can use the mailbox alias in scripts.
Our policy is that we change GAL data, but not the actual account name. For instance, "Rachel Smith (smithr)" will get married and change her name to Rachel Anderson and submit paperwork for the name-change. She will then become "Rachel Anderson (smithr)" in AD. The same applies to "Robert Smith (smithr)" deciding he wants to be known as Bob Smith (smithr). We did this in part due to back end (non-AD) issues as well as some bad experiences changing account names in Exchange 2000. We do get some blow-back on this a couple times a year, but the simple fact of the matter is that the only place the average user even sees their account name is on login pages. Everyone else sees Display Name.
If you do change the account name, make sure to change the X400 and be sure to keep the old X400 name as well. This allows replying to old emails in Outlook to actually deliver, as well as permitting typing the old name into the To: field to deliver. Outlook stores the X400 name internally, not the SMTP name.
I'm not sure if you haven't mentioned the client side because you don't have to worry about it, but if that's not the case, you've got to deal with the local profile. If mishandled, they can lose the whole thing, so you'll definitely want to verify how that will be backed up / migrated.
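The checklist from this thread (logon names, mailbox alias, new primary SMTP address, old SMTP address kept, old X400 address kept) can be turned into a read-only audit. The following is an added example, not code from any of the posters; the function name `Test-RenamedAccount`, the `example.com` domain and the sample record are assumptions, while the attribute names are the standard AD ones.

```powershell
# Added example: audit a renamed account against the points raised in this thread.
# Read-only; it inspects an object (or hashtable) carrying the AD attributes.
function Test-RenamedAccount {
    param(
        [Parameter(Mandatory)] $User,
        [Parameter(Mandatory)] [string] $OldName,
        [Parameter(Mandatory)] [string] $NewName,
        [Parameter(Mandatory)] [string] $Domain
    )
    $findings = @()

    # Pre-Windows 2000 logon name and mailbox alias should carry the new name.
    foreach ($attr in 'sAMAccountName', 'mailNickname') {
        if ($User.$attr -ne $NewName) {
            $findings += "$attr is '$($User.$attr)', expected '$NewName'"
        }
    }
    # User logon name (UPN) should start with the new name.
    if ($User.userPrincipalName -notlike "$NewName@*") {
        $findings += "userPrincipalName is '$($User.userPrincipalName)'"
    }

    $proxies = @($User.proxyAddresses)
    # The primary address is the entry whose prefix is upper-case "SMTP:".
    $primary = @($proxies | Where-Object { $_ -clike 'SMTP:*' })
    if ($primary.Count -ne 1 -or $primary[0] -ne "SMTP:$NewName@$Domain") {
        $findings += "primary SMTP address is not $NewName@$Domain"
    }
    # The old address should remain so mail sent to it is still delivered.
    if ($proxies -notcontains "smtp:$OldName@$Domain") {
        $findings += "old address $OldName@$Domain is no longer on the mailbox"
    }
    # Heuristic: a changed X400 address plus the retained old one means two entries.
    $x400 = @($proxies | Where-Object { $_ -like 'X400:*' })
    if ($x400.Count -lt 2) {
        $findings += "only $($x400.Count) X400 address(es); old X400 may be missing"
    }
    return $findings
}

# Constructed sample record: alias not updated and old X400 address not kept.
$sample = @{
    sAMAccountName    = 'jsmith'
    userPrincipalName = 'jsmith@example.com'
    mailNickname      = 'jdoe'
    proxyAddresses    = @('SMTP:jsmith@example.com', 'smtp:jdoe@example.com',
                          'X400:C=US;A= ;P=Example;O=Exchange;S=Smith;G=Jane;')
}
Test-RenamedAccount -User $sample -OldName jdoe -NewName jsmith -Domain example.com
# Live data: pass (Get-ADUser jsmith -Properties mailNickname,proxyAddresses) as -User.
```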