Script to change DN attribute in AD to be the same as sAMAccountName

  • Question

  • Recently I was asked to change the Display Name for all the users in AD in my organization.  I was asked to do so because the previous AD/Exchange Admin created all accounts using the default of "FirstName MiddleInitial LastName".  The new staff wanted the Display Name to be "LastName, FirstName MiddleInitial".

    I made this change using this script I found on the Internet:

    # Pre-Users.ps1 - Change the name & display name of existing users.
    # Created by - Amit Tank
    $Users = Get-User -ResultSize unlimited | where {$_.RecipientTypeDetails -eq "UserMailbox"}
    ForEach ($User in $Users)
    {
    $DName = $User.LastName + ", " + $User.FirstName + " " + $user.Initials
    $DName = $Dname.Trim()
    Set-User $User -Name $DName -DisplayName $DName
    Get-User $User | FT Name, DisplayName
    $DName = $Null

    }

    When I made this change, however, it changed the DN of each user, and the organization is using Google sync and can no longer synchronize with Google.

    I think if I had a script that would change the DN to the value of the user's sAMAccountName it would be fixed. I have set up a test OU where I can test this with just one user.

    I have found a few scripts that claim that they work and that it can be done, but with all of them I try I get various errors. Here is one that I made based on other information I have found:

    # Get sAMAccountName and then change DN to be the same.
    Get-ADUser -Filter * -SearchBase "OU=TEST,DC=MCCSC,DC=EDU"
    ForEach ($User in $Users)
    {
    set-aduser -Identity "*" $_.distinguishedname -sAMAccountName ($_.samaccountname)
    }

    When I try running this script I get the following error:

    Set-ADUser : A positional parameter cannot be found that accepts argument '$null'.

    I am a relative PowerShell n00b so I really don't know what the heck it is saying there. I don't think I have any parameters not defined or set null, so I am not sure.

    If I can get a script that will reliably change just the DN to be the same as the sAMAccountName then I can test it and I think everything will be fine.

    Can anyone help me a bit with this please?

    Thanks,

    Nick

    • Moved by Bill_Stewart Monday, October 20, 2014 5:38 PM This is not "fix script for me" forum
    Wednesday, September 17, 2014 6:20 PM

All replies

  • Changing the display name does not change and cannot change the DN.  The DN is set by the system.

    I highly recommend that you abandon what you are trying to do before you destroy AD.

    Start by analyzing why you think the DN has been changed.  The distinguishedName is a path to the location and name of the object.  The container is most of the name and the "CN" or "Name" is the first bit.  These can only be changed by renaming the object or by moving the object.

    You cannot "Set" the distinguished name.

    If you look at the docs you will see there is no option to change the distinguishedName.

    http://technet.microsoft.com/en-us/library/ee617215.aspx

    I suspect that someone in your organization is having fun with your head.  Try talking this over with the Admins.  Google has no access to AD and cannot use its data.


    ¯\_(ツ)_/¯

    Wednesday, September 17, 2014 6:39 PM
  • I think it is likely that you want to change the "Common Name" of the user, which is the value of the "cn" attribute (in ADUC this is the "Name" of the user). Modifying this requires renaming the user object, which has the effect of changing the distinguished name. The only other way to modify the distinguished name of any existing object is to move it to another OU or container.

    There is another attribute of user objects, which is displayName. This corresponds to the field in ADUC labeled "Display name". Is that what you want to modify?


    Richard Mueller - MVP Directory Services

    Wednesday, September 17, 2014 9:11 PM
  • I also suspect that this is the "Name" attribute.

    In our org, the "Name" and "samAccountName" are the same (and I think this is the default), but I have seen examples where they are different.

    These attributes shouldn't make any difference to how the names display in the address book.

    I can understand why the staff want the display name to be LastName, FirstName, MiddleInitial as this is easier to search if you are listing the users.

    However, ours is set to firstname, lastname, and it doesn't really seem to matter as "CheckNames" sorts all of this out.

    You might want to clarify what you mean by "DN".

    In your example..

    $DName = $User.LastName + ", " + $User.FirstName + " " + $user.Initials

    I suspect it actually means displayName (rather than distinguishedName).

    I've tried setting the name field on an account, which fails.

    The distinguishedName cannot be changed directly.  It is a system string which is calculated from multiple attributes.  Try doing a wildcard search on the distinguishedName.  You'll find you can't, and have to enter the whole DN.

    The following is just wrong.  You can't have "*" as the identity.  If you took the "*" out of the script, it would try to set the -sAMAccountName to the same as it already is.

    ForEach ($User in $Users) 
    { 
    set-aduser -Identity "*" $_.distinguishedname -sAMAccountName
    ($_.samaccountname)
    }


    Thursday, September 18, 2014 9:54 AM
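
The rename described in the replies above (making the CN equal to sAMAccountName, which changes the DN as a side effect), written with the ActiveDirectory module as an added example that is not code from any poster in this thread. The `$LogPath` value and the `$Commit` dry-run switch are assumptions introduced for illustration; the search base is the test OU from the question.

```powershell
# Added example, not code from the thread. Requires the ActiveDirectory module (RSAT).
# Renames each user object so its CN ("Name") equals its sAMAccountName.
# displayName is not touched, so "LastName, FirstName MI" stays in the address book.
Import-Module ActiveDirectory

$SearchBase = 'OU=TEST,DC=MCCSC,DC=EDU'   # test OU from the question
$LogPath    = '.\cn-rename-log.csv'       # hypothetical path for the audit/rollback log
$Commit     = $false                      # $false = dry run (-WhatIf); set $true to rename

$results = @(foreach ($user in Get-ADUser -Filter * -SearchBase $SearchBase) {
    $newName = $user.SamAccountName
    if ($user.Name -eq $newName) { continue }   # CN already matches, nothing to do

    $status = 'DryRun'
    $newDN  = $null
    try {
        # Address the object by GUID: the GUID stays valid while the DN changes.
        Rename-ADObject -Identity $user.ObjectGUID -NewName $newName `
            -WhatIf:(-not $Commit) -ErrorAction Stop
        if ($Commit) {
            $newDN  = (Get-ADUser -Identity $user.ObjectGUID).DistinguishedName
            $status = 'Renamed'
        }
    }
    catch {
        # Typical cause: another object in the same container already uses this CN.
        # A dry run does not surface this; it only shows up when $Commit is $true.
        $status = "Failed: $($_.Exception.Message)"
    }

    # One record per touched user, so every DN change can be audited or reversed.
    [pscustomobject]@{
        ObjectGUID     = $user.ObjectGUID
        SamAccountName = $user.SamAccountName
        OldDN          = $user.DistinguishedName
        NewDN          = $newDN
        Status         = $status
    }
})

$results | Export-Csv -Path $LogPath -NoTypeInformation
$results | Format-Table SamAccountName, Status, OldDN -AutoSize
```

The CSV keeps the old DN of every renamed object, which is the record needed to correct any external mapping that was keyed on the DN.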
  • Hi Nicholas,

    If you are able to tell me exactly what you require, I will provide the PowerShell script that will do the job. If you are talking about modifying users' display name, then I already have a script that does this. Please confirm that this is what you want to do.

    Friday, September 19, 2014 12:31 PM
  • I am going to guess that the first script posted by the OP worked; it renamed the user object (changed the DN) and also assigned a value for displayName. But this is not what the OP wanted, so they want a script to fix the situation; a script that will make the Common Name (the value of the cn attribute) of the user equal to the sAMAccountName, and perhaps also assign the desired value for displayName. If so, the following script, which assumes the first script worked for the user, should do what is needed:

    $Users = Get-User -ResultSize unlimited | where {$_.RecipientTypeDetails -eq "UserMailbox"}
    ForEach ($User in $Users)
    {
        If (($User.LastName -ne $Null) -and ($User.FirstName -ne $Null))
        {
            $DName = $User.LastName + ", " + $User.FirstName + " " + $User.Initials
            $DName = $Dname.Trim()
            $LName = $User.sAMAccountName
            If (($User.Name -ne $LName) -and ($User.Name -ne $DName))
            {
                Set-User $User -Name $LName -DisplayName $DName
            }
            ElseIf ($User.Name -ne $LName)
            {
                Set-User $User -Name $LName
            }
            ElseIf ($User.DisplayName -ne $Dname)
            {
                Set-User $User -DisplayName $DName
            }
            Get-User $User | FT Name, DisplayName
            $DName = $Null
            $LName = $Null
        }
    }

    -----



    Richard Mueller - MVP Directory Services

    Friday, September 19, 2014 3:03 PM
  • I have created a script that I believe is required. Please download it from my blog:

    http://www.itechguides.com/powershell-script-to-amend-displayname-of-ad-users/ 

    If I misunderstood you, please provide more details - I will provide a script that will resolve the problem

    • Proposed as answer by Victor Ashiedu Friday, September 19, 2014 4:21 PM
    • Unproposed as answer by Bill_Stewart Monday, October 20, 2014 5:38 PM
    Friday, September 19, 2014 4:21 PM
  • I have created a script that I believe is required. Please download it from my blog:

    <snip>

    If I misunderstood you, please provide more details - I will provide a script that will resolve the problem

    Please post code here (using the Insert Code Block button) instead of trying to generate blog hits.


    Don't retire TechNet! - (Don't give up yet - 13,085+ strong and growing)

    Friday, September 19, 2014 4:27 PM