RE: [ActiveDir] ADUC - User logon name (is empty)

[Joe Pochedley]

This is very common in domains that were upgraded from NT4.  The new Login name is called the Universal Principal Name (UPN) and basically allows the user to specify an email style login ([EMAIL PROTECTED]) instead of the NT4 style Username, Password, Domain ( or Domain\Username) style... Here's a script that I wrote that will do exactly what you want...   Be sure to replace the YourDomain and local entries with your actual domain name for the LDAP query and the UPN suffix areas (in the ObjUserUPN= line)  Also be sure to change the path to the logfile to a directory you have available...   If you want to see what items are going to be changed, comment out the line with " objUser.SetInfo " by putting a ' at the beginning, then you can review the logfile to see the changes.   Finally, I don't believe that ISA server relies on the UPN name being present for authentication, so I don't know if this will help your problem (we ran ISA just fine without UPN names for many months).   (Watch for wrapping!)   ' --- Begin Script  here   Const ForReading = 1 Const ForWriting = 2 Const ForAppending = 8   logfile = "C:\TEMP\BatchAddUPN.log"   Set fso = CreateObject("Scripting.FileSystemObject") Set fsOut = fso.OpenTextFile(logfile, ForAppending, True)   Set objConnection = CreateObject("ADODB.Connection") Set objConnection = CreateObject("ADODB.Connection") objConnection.Open "Provider=ADsDSOObject;"   Set objCommand = CreateObject("ADODB.Command") objCommand.ActiveConnection = objConnection   objCommand.CommandText = "LDAP://dc=YourDomain,dc=local;" &_      "(&(objectCategory=person)(objectClass=user));" & "ADsPath;subtree" objCommand.Properties("Page Size") = 10000 Set objRecordSet = objCommand.Execute   While Not objRecordset.EOF strADsPath = objRecordset.Fields("ADsPath") Set objUser = GetObject(strADsPath) If objUser.userPrincipalName = "" Then ObjUserUPN = objUser.samaccountname & "@YourDomain.local"     fsOut.WriteLine (objUser.name & " UPN Set to ") & ObjUserUPN     objuser.Put "userPrincipalName", ObjUserUPN     objUser.SetInfo End if objrecordset.MoveNext Wend objConnection.Close   fsOut.Close WScript.Echo "Script Complete!"   ' End of Script Joe Pochedley Weiler's Law - Nothing is impossible for the man who doesn't have to do it himself.   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, February 09, 2004 12:28 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] ADUC - User logon name (is empty) Hey, guys this is my first? On here so here we go.             AD users and computers – User account properties – Accounts tab.     User logon name (field) is empty but the User logon name (pre-windows 2000) has the proper user account name.   Is there anything that would allow me to copy the pre windows 2000 field which holds the user account name, to the User log on name field (where it should be).     I think we have been running into authentication issues because that field isn’t populated.  I.e. Isa server prompts for username and password to get outside access and AD account info should be used to authenticate, I believe it’s due to the User log on name field being blank.       Thanks for your time, Phil This electronic mail and any attachments are intended only for the use of the intended recipient and may contain trade secrets, privileged or otherwise confidential information. Unauthorized review, use or dissemination of this electronic mail or the information contained herein or attached hereto by any person other than the intended recipient is prohibited. If you have received this message in error, or believe you are not authorized to receive this message, please contact: Yellow Book USA Help Desk at [EMAIL PROTECTED]