As Phil states, this can be done. However, some of these characters are in there for good reason (such as the '/' as an escape character for the ',') and I would seriously suggest setting up a complete test environment to test out your proposed changes before you run a script against your production AD.
Even then, I'd take a system state backup before you run the script so that you can restore in the event of 'bad things'. Rick -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Renouf Sent: Wednesday, June 08, 2005 2:34 PM To: [email protected] Subject: Re: [ActiveDir] Renaming user and group object CNs You can script this using a tool like dsmod if you can come up with a list of the CNsthat you want to change to. There are other scripting options too, and if you want to change the CN to something like Lastname, Firstname you could even use ADModify. Phil On 6/8/05, Frost, David: #CIO-BPI <[EMAIL PROTECTED]> wrote: > I have been researching the implication of modifying object CNs for users > and groups in order to provide a) a more consistent cn format for objects in > our directory, b) remove "special" characters such as /, #, and : that make > dealing with objects via scripting difficult. > > Courtesy of the Active Directory Connector for Exchange, our AD user and > Group Objects have CN attributes that are copies of the Exchange 5.5 > directory Display Name attribute. Our initial testing did not seem to > indicate that this would be a problem, but very shortly after we started to > migrate users in production we noticed some issues and modified the ADC to > stop this behaviour. Problem was that all the distribution groups had > already been migrated along with 200-300 user objects (hence the cn= ex5.5 > display name). > > Now that migration of users and groups from NT4 and Ex5.5 is complete (and > has been for a number of months) the full impact (annoyance) of having these > / , :, and # in the CN is is becoming visible. Command line tools such as > dsquery etc, LDIFDE, CSVDE etc hiccup and generally add a number of flaming > hoops to jump through to the point that I would like to rename the CNs on > these objects (users and Universal distribution groups). > > > Is this possible to do on a large scale (200-300 users and 2700 + groups)? > If so how, what are the gotchas etc.... > > Thanks in advance. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
