November 1st, 2005

How Can I Change a User’s sAMAccountName?

Hey, Scripting Guy! Question

Hey, Scripting Guy! How can I change the sAMAccountName from KMyer to Ken.Myer?

— CP

SpacerHey, Scripting Guy! AnswerScript Center

Hey, CP. You know, William Shakespeare once said, “A rose by any other name would smell as sweet.” What does that have to do with your question abut changing the sAMAccountName for a user? Nothing really; it’s just that every now and then we like people to think that we’re well-rounded, culturally-literate guys who do something besides watch baseball and The Simpsons. The truth is we’re not culturally-literate guys who do something besides watch baseball and The Simpsons; we just don’t want anyone to know that. (Editor’s Note: That’s not true of all the Scripting Guys. Some of us watch football too.)

If Shakespeare was alive today (he is dead, isn’t he?) he’d probably answer that question by saying something like, “Leave me alone, Scripting Guys. I’m tired of answering scripting questions for you; I’ve got a play to write.” But that’s OK; fortunately, this is a question that we can answer ourselves, without any help from Mr. Shakespeare:

Set objUser = GetObject(“cn=Ken Myer, ou=Finance, dc=Fabrikam, dc=com”)

objUser.sAMAccountName = “Ken.Myer” objUser.userPrincipalName = “Ken.Myer” objUser.SetInfo

Granted, it’s not iambic pentameter (or maybe it is; we aren’t totally sure what iambic pentameter looks like) but there’s still a certain beauty to the code, don’t you think? The script starts off by binding to the Ken Myer user account in Active Directory. We then use this line of code to change the sAMAccountName to Ken.Myer:

objUser.sAMAccountName = “Ken.Myer”

Now, we’re not saying that the Scripting Guys are better than Shakespeare; all we’re saying is that if you attend one of Shakespeare’s plays he doesn’t give you a bonus play absolutely free. The Scripting Guys, however, give you bonus code absolutely free. Although the following line of code is optional, many organizations like to keep their UPNs (user principal names) in sync with their sAMAccountNames; that way users have to remember only one name – Ken.Myer – as opposed to two: Ken.Myer and kmyer@fabrikam.com. Therefore, we tossed in this line of code to change the UPN as well:

objUser.userPrincipalName = “Ken.Myer”

Last, but definitely not least, we call the SetInfo method to write the changes back to Active Directory:

objUser.SetInfo

Whatever you do, don’t leave out this line of code. When you bind to a user account in Active Directory, a copy of that account is created in memory on your machine. As you make changes to the account properties, those changes are made on this copy; the original account remains in Active Directory, unchanged. The only way to update the actual user account, the one in Active Directory, is to call the SetInfo method, which is roughly equivalent to clicking the Save button in, say, Microsoft Word.

So there you have it, CP. As William Shakespeare once said, “See you tomorrow.”

Note. Hey, he probably said that at some point in his life.

Author

0 comments

Discussion are closed.