Ok - so the above script is the "biggie" - it will rename the user object in Active Directory - the name that's displayed in the AD user manager list (aka the RDN or object name with the OU).

The UPN (aka User Principal Name, aka Windows 2000 logon name) and SamAccountName (aka Pre-Windows 2000 userid) are the other two. But because these names are properties of the user object (as opposed to a handle to the entire object) you might be able to take more of a "I don't have to get it right the first time" kinda attitude. I mean - you can easily repair any mistakes by just poking the object in AD user manager but the DN deserves some extra care.

Changing the other two names goes like this...

code:

---

break on 

$user = olegetobject(0,"LDAP://CN=John Doe,OU=MYOU,DC=WHATEVER,DC=NET")

if $user 

 $= oleputproperty($user,"userprincipalname","s","john.doe")
 $= oleputproperty($user,"samaccountname","s","jdoe")
 $= olecallfunc($user,"setinfo")

endif

exit

---

The first thing you might notice is that the UPN logonid doesn't contain the @WHATEVER.COM ending - you can leave it off and AD will just update the user logon name and keep the existing WHATEVER.COM postfix. Or you can specify that as well, like this ...

$= oleputproperty($user,"userprincipalname","s","john.doe@@whatever.com")

and that should get updated too (although I've never tried it).

Anyway - your script is looking excellent - good luck ...

-Shawn

[This message has been edited by Shawn (edited 16 June 2001).]