Monday, January 14, 2013

Changing the Username / Last Name of a newly married user.

I was never sure what the correct procedure was when changing a user's last name and how it would affect logons, email addresses and home drives. For a long time I would create a new account and move everything across; this became a bit tedious, especially if the user had a large amount of email.

So I created a test account and did some trial runs and I have found this to be the best method:

(Note: We have Active Directory sync'ing to our Google Apps account using Google Apps Directory Sync.)

For this example we are renaming Robin Scherbatsky to Robin Stinson.

1. Find the user in Active Directory, right-click on their account and click "Rename".



2. Type in the user's new last name.


3. The "Rename User" window will open. Change the "Last name" field and also update the "User logon name" field.


4. Please note that I have NOT changed the email address yet!


5. Run "Google Apps Directory Sync" and you should get the following output:

Proposed changes:
Delete: 0
Modify: 1
Create: 0

Modify (all proposed changes) - 1 total users affected
Modify user 1: "rscherbatsky"
Change family name to "Stinson"

6. Now update the "E-mail" address field for the user to the new email address:



7. Run "Google Apps Directory Sync" again and you will get the following output:

Proposed changes:
Delete: 0
Modify: 1
Create: 0

Modify (all proposed changes) - 1 total users affected
Modify user 1: "rscherbatsky"
Change primary address to "rstinson"

8. At this point I run "Google Apps Directory Sync" again, as sometimes it is not able to perform all the update steps in one sync. After running a sync for the third time, I get the following output:

Proposed changes:
Delete: 0
Modify: 1
Create: 0

Modify (all proposed changes) - 1 total users affected
Modify user 1: "rstinson"
Remove 1 existing aliases
"rscherbatsky"

9. Next, add the user's old email address under the "proxyAddresses" attribute in Active Directory:


10. Run "Google Apps Directory Sync" for the fourth time and you will see the following output:

Proposed changes:
Delete: 0
Modify: 1
Create: 0

Modify (all proposed changes) - 1 total users affected
Modify user 1: "rstinson"
Add 1 new aliases
"rscherbatsky"

11. Now it's time to update the user's home directory. Locate the folder, right-click it and rename it to match the user's new username:



12. Finally, go back and update the user's "Home folder" path to point to the renamed folder. I use the %username% wildcard; you can also type in the full username.



13. You will be asked to confirm that you want to grant full control to the home folder. Click "Yes" and you're done.



At this point I have the user log on to their laptop or computer using their new username. Windows should detect that it is the same account and the profile from their old username will be loaded, so their desktop, folders, settings etc. are the same.

Sync Centre also seemed to sync correctly with the new settings without having to clear the offline files cache.

Friday, March 23, 2012

Google Apps Sync - Clearing the Division field

We've been using Google Apps Directory Sync for a few months now and have found that over the months, the number of passwords being synced with each run was increasing - which was to be expected - the problem was that the sync was taking longer and longer and was more prone to time-outs.

The number of users being updated reached 600 before I found this solution.

Every time a user changed their password, the new password was encrypted and stored in the 'Division' field in Active Directory (using the sha1hexfltr DLL). Google Apps Directory Sync would then perform a sync of passwords for every user that had a populated 'Division' field but would not clear that field once sync'd. This meant that the same users were being sync'd every time.

The solution was to find a way of resetting the 'Division' field back to blank for each user:

1. Install a program called Bulk Password Control from Wisesoft on your Domain Controller.


2. Load up your OU or group of users and then click the "Modify Attributes" button.


3. Click the "Other" tab.


4. Look through the list of attributes until you find the "division" attribute.


5. Click the highlighted checkbox twice until the attribute's value is greyed out and says "<Clear Attribute>", then click the "OK" button.


6. Bulk Password Control will then cycle through all the selected users and clear the "Division" field. You will be shown a summary of the actions performed with an option to roll back if you think you've made a mistake. You can see in the example below that it has made changes to 99 users.


I recommend you perform these steps in the afternoon when people will not be busy changing their passwords, as you might otherwise clear the "Division" field before it has been sync'd.
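
A scripted way to do the same clean-up that also covers the timing problem mentioned above, as an added example that is not part of the original post. It assumes the RSAT ActiveDirectory PowerShell module; the OU path is a placeholder and the last successful sync time is supplied by whoever runs it. It clears "division" only for users whose password was set before that sync, and never reads or logs the attribute value itself.

```powershell
# Added example, not from the original post. Requires the RSAT ActiveDirectory module.
param(
    # Assumption: placeholder DN of the OU that holds the synced users.
    [string]$SearchBase = 'OU=Staff,DC=example,DC=com',
    # Assumption: start time of the last Google Apps Directory Sync run that
    # completed successfully, supplied by the operator.
    [Parameter(Mandatory)][datetime]$LastSuccessfulSync,
    # Without -Apply the script only reports what it would change.
    [switch]$Apply
)

Import-Module ActiveDirectory

# Every user whose "division" attribute still holds a value. The value itself
# is deliberately not requested, so it never leaves the directory.
$users = Get-ADUser -SearchBase $SearchBase -LDAPFilter '(division=*)' `
    -Properties PasswordLastSet

# A password set before the last successful sync has already been pushed, so
# its "division" value can be cleared. Anything newer, or with no timestamp,
# is left in place for the next sync run.
$synced  = @($users | Where-Object {
    $_.PasswordLastSet -and $_.PasswordLastSet -lt $LastSuccessfulSync })
$pending = @($users | Where-Object {
    -not $_.PasswordLastSet -or $_.PasswordLastSet -ge $LastSuccessfulSync })

foreach ($u in $synced) {
    # -WhatIf stays on unless -Apply was given, so the default is a dry run.
    Set-ADUser -Identity $u -Clear division -WhatIf:(-not $Apply)
}

# Summary with account names only.
$verb = if ($Apply) { 'Cleared' } else { 'Would clear' }
'{0} "division" on {1} user(s); {2} left for the next sync.' -f `
    $verb, $synced.Count, $pending.Count
$pending | Select-Object SamAccountName, PasswordLastSet
```

Run it once without -Apply and check the list of pending users before running it again with -Apply.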