Skip to main content

Renaming User Accounts in Active Directory with VBScript

This one proved to be a little more difficult then I first thought. We were able to get a few attributes to change, but in further testing; I found that AD was throwing a fit. The problem was resolved using the ADSI Editor Snap-in. What I did was watch each value and whether or not the correct value was reflected in the User accounts properties. The following code relies on a text file containing the old and new user names formatted as such:

OldUserName1,NewUserName1
OldUserName2,NewUserName2
OldUserName3,NewUserName3

You can modify the code to import the usernames anyway that works for you. Also, do not forget to change the variables ParentDN and strUPNSuffix to match your environments.

' ================================
' RenameUSerAccounts.vbs
' Author: Jason A. Yoder, MCT
' Date: May 15, 2009
'
' Required Files:
' - A Text file named "names.txt". In this script, the file
' location is hard coded.
' The format for the text file is %OldUserName%,%NewUserName%
'
' Other Information:
' - The interesting part of this code is in the Do While...Loop.
' It does not matter how you get the data into the script
' as long as you have the ParentDN and both old and new usernames.
' ================================

Const ForReading = 1
ParentDN = "OU=HR,DC=FourthCoffe,DC=com" ' Change this line to reflect your environment.
strUPNSuffix = "ens.com" ' Change this line to reflect your environment.

' Read in the data file of old and new user names.
Set objFilesys = CreateObject("Scripting.FileSystemObject")
Set objFileText = objFileSys.OpenTextFile("C:\Users\Administrator\Desktop\Test\Names.txt", ForReading, true)


Do Until objFileText.AtEndOfStream '
strText = objFileText.Readline ' Reads the Names.txt file one line at a time.
aryText = Split(strText,",") ' Slipts each value into different cells of aryText.

strUserOldName = aryText(0)
strUserNewName = aryText(1)



set objCont = GetObject("LDAP://" & ParentDN)
objCont.MoveHere "LDAP://cn=" & strUserOldName & "," & ParentDN, "cn=" & strUserNewName
set objUser = GetObject("LDAP://cn=" & strUserNewName & "," & ParentDN)


objUser.Put "sAMAccountName",strUserNewName
objUser.Put "userPrincipalName",strUserNewName & "@" & strUPNSuffix
objUser.Put "GivenName",strUserNewName
objUser.Put "DisplayName",strUserNewName

objUser.SetInfo
Loop

WScript.Echo "Done"

Comments

Popular posts from this blog

How to list all the AD LDS instances on a server

AD LDS allows you to provide directory services to applications that are free of the confines of Active Directory.  To list all the AD LDS instances on a server, follow this procedure: Log into the server in question Open a command prompt. Type dsdbutil and press Enter Type List Instances and press Enter . You will receive a list of the instance name, both the LDAP and SSL port numbers, the location of the database, and its status.

How to run GPResult on a remote client with PowerShell

In the past, to run the GPResult command, you would need to either physically visit this client, have the user do it, or use and RDP connection.  In all cases, this will disrupt the user.  First, you need PowerShell remoting enabled on the target machine.  You can do this via Group Policy . Open PowerShell and type this command. Invoke-Command –ScriptBlock {GPResult /r} –ComputerName <ComputerName> Replace <ComputerName> with the name of the target.  Remember, the target needs to be online and accessible to you.

Where did a User’s Account Get Locked Out?

Updated: May 15, 2015 When this article was originally published, two extra carriage returns were add causing the code to malfunction.  The code below is correct.   My client for this week’s PowerShell class had a really interesting question. They needed to know where an account is being locked out at. OK, interesting. Apparently users hop around clients and forget to log off, leading to eventual lock out of their accounts. The accounts can be unlocked, but are then relocked after Active Directory replication. This problem is solved in two parts. The first one is to modify the event auditing on the network. The second part is resolved with PowerShell. The first part involves creating a group policy that will encompass your Domain Controllers. In this GPO, make these changes. Expand Computer Configuration \ Policies \ Windows Settings \ Security Settings \ Advanced Audit Policy Configuration \ Audit Policies \ Account Management Double click User Account Management C...