OK to change name in Active Directory?

stick1977

Hello All,

Glad to have found this site, just registered and this is my first post.
My company just landed this new account. I was on the phone with the head guy over there and was going over all the user names in AD, they then gave me a list of names that no longer work at the company and asked me to disable the accts. Only problem was now, Monday morning, somebody can't log in. Very typical situation I think, a new employee must've just taken over an acct from a departed employee and logs in with their name.

Now, I could create a new user account but that would mean not only transferring over all the docs but also user settings which can be tricky. So, OK if I just change the name of the user acct and the home folder it points to? Obviously I'd have to append file permissions to the home folder but is there anything else I should worry about with this?

Thanks,
Stick
 

It will not be any problem.

Right-click the object and select Rename. If you just do it through the properties you won't change the object's distinguishedName attribute or how it is displayed in the Active Directory console.

If you change the Logon ID, sometimes third-party apps behave strangely though.

You can just rename the home folder and be sure to put the updated UNC path in the profile. There is no need to change the permissions because the SIDs will remain the same.

That said, there may be unintentional consequences, i.e. if the past employee's account was given rights to somewhere, the new user will still have those rights (because the SID remains attached to the ACL).
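One way to review what the recycled account still carries before renaming it, as an added example that is not part of the original posts. It assumes the RSAT ActiveDirectory module; the account names, UPN suffix and UNC paths are hypothetical placeholders.

```powershell
Import-Module ActiveDirectory

# Hypothetical values: replace with the real account, domain and paths.
$oldSam       = 'jdoe'
$newSam       = 'asmith'
$newName      = 'Alice Smith'
$upnSuffix    = 'example.local'
$homeRoot     = '\\fs01\home'
$pathsToAudit = @('\\fs01\shared', '\\fs01\finance')

$user = Get-ADUser -Identity $oldSam -Properties HomeDirectory
$sid  = $user.SID.Value

# 1. Group memberships follow the SID, not the name: review them before reuse.
Get-ADPrincipalGroupMembership -Identity $user |
    Select-Object Name, GroupScope, GroupCategory

# 2. Direct ACEs that name this SID on folders that matter.
#    Rules are requested as SIDs so the comparison does not depend on the logon name.
foreach ($path in $pathsToAudit) {
    (Get-Acl -Path $path).GetAccessRules($true, $true,
            [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference.Value -eq $sid } |
        Select-Object @{n='Path'; e={ $path }}, FileSystemRights,
                      AccessControlType, IsInherited
}

# 3. Rename the home folder, the directory object (CN / distinguishedName)
#    and the logon names. The SID is used as identity because the DN changes.
Rename-Item -Path $user.HomeDirectory -NewName $newSam
Rename-ADObject -Identity $user.DistinguishedName -NewName $newName
Set-ADUser -Identity $user.SID -SamAccountName $newSam `
    -UserPrincipalName "$newSam@$upnSuffix" -DisplayName $newName `
    -HomeDirectory "$homeRoot\$newSam"

# 4. Confirm the SID is unchanged after the rename (expected: True).
(Get-ADUser -Identity $newSam).SID.Value -eq $sid
```

Anything listed in steps 1 and 2 that the new employee should not have needs to be removed by hand, since the rename itself leaves it in place.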
 

You beat me to it, but +1 I do it on a regular basis. Luckily here just about everyone has the same permissions, which is no permissions lol.
 
Thank you both. The more I think about it the more I'm leaning towards waiting until the client asks for this instead of just doing it so may be a while before I have feedback. No bother, sounds like it won't be a problem. Thanks.
 
> they then gave me a list of names that no longer work at the company and asked me to disable the accts. Only problem was now, Monday morning, somebody can't log in.

If you just "disabled" the account....it's wonderfully simple to re-enable it. :cool:

No need to "create" or "rename" an account.

But I guess we can assume you meant that you deleted the account, not disabled.

Hint....when you get a list of ex-employees...always "DISABLE" them instead of "DELETE" the accounts....and wait a few months. Once time has gone by and you're sure that staff name is gone, and you don't need any of their data...you can then properly "delete" the account (after securing their data if need be).
 

You can also write Active Directory Queries like this (to find all users Inactive for 60+ days):
[Attachment: Inactive 60 Days.jpg]

You can write one to find all disabled accounts:
[Attachment: Disabled.jpg]

You can write tons of queries... Here are the results of all the disabled users in my organization... Looks like 419 disabled user accounts right now:
[Attachment: Results.jpg]

I love Active Directory queries, but I am the only person that uses them in my organization, and I have 1/8th of a State's Government... :D


For example:
We have 2 (20 Windows Server 2008) systems without SP2
We have 11 Server 2008 R2 systems without a Service Pack
7 Windows Server 2003 without SP2
12 Vista without SP2
1520 XP systems without SP3 :mad:
125 Locked Out Accounts (Wonder what these workers are doing at their desk other than collecting a paycheck)

^^^^ None of the above are from the area I manage... Wonder what the rest of the people that have my job do all day...
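The screenshots of the queries mentioned above did not survive, so here is an added example (not the poster's own queries) of LDAP filters for disabled users and for users inactive for 60+ days, run through the ActiveDirectory PowerShell module. The variable names are this example's own; the same filter strings can be used in a custom saved query.

```powershell
Import-Module ActiveDirectory

$days   = 60
# lastLogonTimestamp is stored as a Windows FILETIME (100 ns ticks since 1601, UTC).
$cutoff = (Get-Date).AddDays(-$days).ToFileTimeUtc()

# Bitwise-AND matching rule on userAccountControl; bit 0x2 = ACCOUNTDISABLE.
$disabledBit = '(userAccountControl:1.2.840.113556.1.4.803:=2)'
$isUser      = '(objectCategory=person)(objectClass=user)'

# All disabled user accounts.
$disabledFilter = "(&$isUser$disabledBit)"

# Enabled users whose last logon is older than the cutoff, plus enabled users
# that have never logged on (the attribute is absent, so "<=" alone misses them).
$inactiveFilter = "(&$isUser(!$disabledBit)" +
                  "(|(lastLogonTimestamp<=$cutoff)(!(lastLogonTimestamp=*))))"

$disabled = Get-ADUser -LDAPFilter $disabledFilter
$inactive = Get-ADUser -LDAPFilter $inactiveFilter -Properties lastLogonTimestamp |
    Select-Object SamAccountName, @{n='LastLogon'; e={
        if ($_.lastLogonTimestamp) { [DateTime]::FromFileTimeUtc($_.lastLogonTimestamp) }
        else { 'never' }
    }}

# Locked-out accounts, the other figure quoted in the post.
$locked = Search-ADAccount -LockedOut -UsersOnly

$inactive | Sort-Object LastLogon | Format-Table -AutoSize
'{0} inactive ({1}+ days), {2} disabled, {3} locked out' -f `
    @($inactive).Count, $days, @($disabled).Count, @($locked).Count
```

By default lastLogonTimestamp can lag the real last logon by up to about 14 days, so treat the 60-day boundary as approximate before disabling anything.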
 