Renaming Users in Active Directory and Exchange, Office365, G Suite

Web Active Directory’s PeoplePlatform includes functionality that lets your end users, under your control, rename users in Active Directory via a web interface. End users in this context could be administrators in your department or members of another department such as HR. Each of these end users can have a different search scope. For example, you could allow managers of certain departments to rename only the users who report to them. Some organizations opt to have end users change their own names. If you want, these name changes can propagate to G Suite (Google Apps), Office365, and/or Microsoft Exchange. Renaming users in Active Directory and these other systems without automation isn’t always straightforward.

Name changes are prevalent because of data entry errors, marriage, divorce, and other personal status changes. It’s important to have options when renaming users. This article covers a few things to consider.

Keep the Account Name the Same?

One of the most important decisions as an administrator is whether to keep the user’s account name the same. If you opt to keep the account name the same, the process of renaming a user is simplified. To the outside world, the user’s name and email address will still look different in this scenario.

Advantages of keeping the account name the same:

  1. The process of renaming the user is much simpler (less to consider, less to automate, fewer moving parts)
  2. Users get used to a certain login name, and change can be unwanted
  3. To the outside world, the user’s name will still change (email address will be different, their name will display differently, etc.)
  4. With marriage and divorce, names unfortunately sometimes change and then change back, so not changing the account name multiple times saves headaches
  5. You may have moving parts in other places that depend on the user’s account name, and these integrations might break if you change it

Disadvantages to keeping the account name the same:

  1. The user might be bummed out that they are logging in with some combination of their old first and last name or initials

All things considered, it’s good to have the option either way, but we usually recommend keeping the account name the same.

What Must Change?

If you keep the account name constant, what must change?  Here’s a minimal list:

  1. First name in your directory (givenName)
  2. Last name in your directory (sn)
  3. Name attribute in your directory (name)
  4. Display name attribute in your directory (displayName)
  5. The user’s email address.  This is the “mail” attribute in the directory.

The last item is important when considering other systems such as G Suite, Office365, or Exchange. Generally it’s bad form to replace the user’s old email address with the new one and call it a day. Colleagues and other business/personal contacts will still use the user’s old email address for what can be a long period of time. To account for this, it’s important for an automated system to change the user’s primary email address but still keep the old one around as a secondary email address or alias.

Such automation should check whether the user has an account in one of these systems outside of your directory, then change the primary address in that system while adding the old one as a secondary email address or alias.
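
The list and the alias rule above can be sketched as a small planning function. This is an added example, not PeoplePlatform code: the function name, the sample record, and the use of Exchange-style proxyAddresses entries ("SMTP:" for the primary address, "smtp:" for an alias) are assumptions the article does not state.

```python
# Assumption (not from the article): aliases live in proxyAddresses, Exchange-style,
# where "SMTP:" marks the primary address and "smtp:" marks a secondary one.

def plan_rename(user, given_name, surname, new_mail, addresses_in_use=()):
    """Return {attribute: new value}; the account name is never touched.

    user: dict of current attributes. addresses_in_use: other accounts' addresses.
    """
    new_mail = new_mail.strip()
    if new_mail.lower() in {a.lower() for a in addresses_in_use}:
        raise ValueError(f"{new_mail} already belongs to another account")

    full_name = f"{given_name} {surname}"
    changes = {
        "givenName": given_name,
        "sn": surname,
        "name": full_name,  # the RDN in AD, so apply it as a rename operation
        "displayName": full_name,
        "mail": new_mail,
    }

    # New address becomes primary; every earlier SMTP address, including the
    # old primary, is kept as a lowercase-prefixed alias (case-insensitive dedupe).
    proxies = ["SMTP:" + new_mail]
    seen = {new_mail.lower()}
    old = list(user.get("proxyAddresses", []))
    if user.get("mail"):
        old.insert(0, "smtp:" + user["mail"])
    for entry in old:
        prefix, _, addr = entry.partition(":")
        if prefix.lower() != "smtp":
            proxies.append(entry)  # non-SMTP entries (e.g. X500) pass through
        elif addr.lower() not in seen:
            seen.add(addr.lower())
            proxies.append("smtp:" + addr)
    changes["proxyAddresses"] = proxies
    return changes

# Constructed sample record, not taken from any real directory.
SAMPLE_USER = {
    "sAMAccountName": "jdoe",
    "mail": "jane.doe@example.com",
    "proxyAddresses": ["SMTP:jane.doe@example.com", "smtp:jdoe@example.com",
                       "X500:/o=Example/cn=jdoe"],
}

if __name__ == "__main__":
    for attr, value in plan_rename(SAMPLE_USER, "Jane", "Smith", "jane.smith@example.com").items():
        print(f"{attr} = {value}")
```

Because the old primary is demoted rather than dropped, a name that later changes back simply swaps which entry is primary, and the collision check keeps a new address from being assigned while another account still holds it.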

Changing the Account Name, If You Insist

If you insist on also changing the user’s account name, your automated system must rename the user’s folders and change the registry to recognize those new user folders. This article has good information about those registry specifics.

The user’s account name might also be a link to other systems.  Renaming might break these links.  Even if you have an automated solution taking care of everything else, be mindful of these considerations.