I would start out testing a script to do this for one user at a time. After you perfect that, it should scale easily. Changing settings in ADUC is easily done using AdMod. Sharing can be handled with Net Share. User Reg.exe for the registry. Tie em all together in a bat file and use the For command to enumerate through all users. Of course you can also use vbscript, powershell or any other language you're comfortable with.
For profile paths, I would change them server side, but ignore them on the local side. They will take care of themselves as you replace machines in the future. If you do want to change local, you'll need to edit the path in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList to avoid the folder names with .001. From: [email protected] [mailto:[email protected]] Sent: Wednesday, April 20, 2011 1:17 PM To: NT System Admin Issues Subject: Changing [most] login names in Active Directory Greetings! Our company (around 500 or so people) is considering changing the login names for possibly all our users. For example, I may be changed from logging in as "richardm" to "richardm01", etc. Being changed from one login name to another is just one field in Active Directory Users and Computers (ADUC). However... 1. For housekeeping purposes, we would like to have the name of the home directory for each user to match the new login name. This gets complicated as, if the folder is its own share (ie, ".\richardm$"), then the folder would first need to be un-shared. Then it could be re-named and re-shared. Then it's back to ADUC to change the path for the share and perhaps the roaming profile (if it is not inside the user's home directory). 2. We know of at least two applications (help desk system and telephone user client) which authenticate using AD. So, the administration client for whatever applications we can remember would need to be used to make the name changes, one-at-a-time. So, I've been told to ask the forum: 1. Has anyone else done a mass login-name-rename, company wide? We have done it on an individual basis, but not company-wide. 2. For local profiles... should we consider changing those as well (for housekeeping purposes)? I believe that would involve renaming the folder in "Documents and Setting" and also adding the path in ADUC. (That field is most likely blank for users currently with no roaming profile). Once the profile folder is re-names, would permissions change as well (and then need to be changed)? Thing is here, if we do not do this correctly, then the user logs in and no longer has their desktop icons, their "My Documents" folder, and most user settings are back to the default. Administrators would then need to have that person log out, then copy the contents of the old profile folder into the new profile folder and adjust the permissions. Example, they rename my ".\richardm\" profile folder gets renamed ".\richardm01". In my experience, there's a worse than even chance that when I log in, I'll not have my docs and settings. An administrator will look at the file system and see that, besides the ".\richardm01" folder, there is a new ".\richardm01.001" folder. 3. If so, were issues other than those mentioned? Thank you... -- Richard D. McClary Jr Infrastructure Architect, Information Technology Group ASPCA(r) ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
