Thanks, this looks like the way to go, My big concerns are potential impacts on Exchange and the change in the name attribute for users and Distribution Groups in terms of permissions.
Also, I would do this with VB.NET in Visual Studio, and therefore I assume the System.DirectoryServices DirectoryEntry.MoveTo Method in .NET is the equivalent to IADsContainer::MoveHere -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: June 8, 2005 5:10 PM To: [email protected] Subject: RE: [ActiveDir] Renaming user and group object CNs The preferred method would be to use the movehere method. There are some gotchas when dealing with different languages. As for the gotchas of changing this, the biggest that jumps out occurs if you're using apps that rely on RDN or CN. Otherwise, it's a breeze. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/ad si/iadscontainer_movehere.asp Al -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Renouf Sent: Wednesday, June 08, 2005 3:34 PM To: [email protected] Subject: Re: [ActiveDir] Renaming user and group object CNs You can script this using a tool like dsmod if you can come up with a list of the CNsthat you want to change to. There are other scripting options too, and if you want to change the CN to something like Lastname, Firstname you could even use ADModify. Phil On 6/8/05, Frost, David: #CIO-BPI <[EMAIL PROTECTED]> wrote: > I have been researching the implication of modifying object CNs for > users and groups in order to provide a) a more consistent cn format > for objects in our directory, b) remove "special" characters such as > /, #, and : that make dealing with objects via scripting difficult. > > Courtesy of the Active Directory Connector for Exchange, our AD user > and Group Objects have CN attributes that are copies of the Exchange > 5.5 directory Display Name attribute. Our initial testing did not > seem to indicate that this would be a problem, but very shortly after > we started to migrate users in production we noticed some issues and > modified the ADC to stop this behaviour. Problem was that all the > distribution groups had already been migrated along with 200-300 user > objects (hence the cn= ex5.5 display name). > > Now that migration of users and groups from NT4 and Ex5.5 is complete > (and has been for a number of months) the full impact (annoyance) of > having these / , :, and # in the CN is is becoming visible. Command > line tools such as dsquery etc, LDIFDE, CSVDE etc hiccup and generally > add a number of flaming hoops to jump through to the point that I > would like to rename the CNs on these objects (users and Universal distribution groups). > > > Is this possible to do on a large scale (200-300 users and 2700 + groups)? > If so how, what are the gotchas etc.... > > Thanks in advance. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
