AD user renaming

BO Terry

Active Directory question: I primarily work on peer to peer environments but have some occasional domain work as well. I have a client that just replaced a long-time employee. When they did, they started the new person using the old employee's login at their desktop. Now they want to update the profile to match the new employee's name etc without having to create a new desktop profile and move all the shortcuts, & tweaks over for the new guy.

If I just rename the profile in AD from Jim Smith (jsmith@sample.com) to Billy Williams (bwilliams@sample.com) and have them log out & log back in, will that take care of it? I would normally just create a new user and a new profile but they don't want that on this one for some reason. One thing I can think of is that the users\folder name would still reflect the old account but that's only an issue for someone like me.

They use a combination of workstation installed (Office, etc), server-based (accounting software like Sage & QuickBooks), and cloud-based software. Would this cause any issues with any authentication for any of these scenarios? FYI: They use GSuites for email and manage mail in a browser so no Outlook/Exchange issues to consider. Also, the person who left did so on good terms so no issue with maintaining the profile for future reference (too late for that anyway).
 
Renaming an AD object retains the GUID which is what all the associated permissions and settings are attached to.

So yes, you can simply rename the account, and it will work as you describe. There is however... one catch.

The rename will cause the desktop used by the user to use all settings, this includes the local user profile and it will NOT make a new one!

So, if you have a user jsmith, that's replaced by a user bwilliams, and you rename jsmith's account to bwilliams. The display name on the desktop will update to bwilliams. BUT, the user's locally stored profile information will remain in c:\users\jsmith

This can make recovery in the event of a failure problematic. Redirected folders have the same limitation, the system won't make a new folder path based on the new user. So if you rename an account 3-5 times, when you have 200 users in that folder it can be REALLY HARD to find that user's files when something goes wrong.

All of the junk you're concerned about beyond that is stored in the local user profile on the desktop it was generated on. Renaming the user grants access to all of that, including saved passwords. But that's a whole new can of worms.

I do not generally recommend this practice, as it encourages laziness that will create huge time-consuming problems later. Users need to know where their stuff is, admins need to know where that stuff is, and users need to be responsible for maintaining their own browser environments. The only time I use it is when someone gets married. Because that's easily documented and remembered.
 
ForensiT User Profile Wizard. This tool can convert one profile to another including all the path changes that @Sky-Knight mentioned. It's better to just manually move it but this will do the job.
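
An added example, not part of the original posts: a PowerShell function for documenting the folder/name mismatch the thread describes. It lists the local profiles on a workstation, resolves each profile's SID to the account name it currently carries, and flags profiles whose folder (for example `c:\users\jsmith`) no longer matches that name. The function name `Get-RenamedProfile` is hypothetical; it assumes an elevated session on the workstation and a reachable domain controller for name resolution.

```powershell
# Added example: inventory local profiles whose folder name no longer matches
# the account name (e.g. after an AD account was renamed).
# Get-RenamedProfile is a hypothetical helper name, not a built-in cmdlet.
function Get-RenamedProfile {
    Get-CimInstance -ClassName Win32_UserProfile |
        Where-Object { -not $_.Special -and $_.LocalPath } |
        ForEach-Object {
            $sid = $_.SID
            try {
                # Resolve the SID to the DOMAIN\name it carries right now
                $sidObj  = New-Object System.Security.Principal.SecurityIdentifier($sid)
                $account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
            } catch {
                # Deleted account, or no domain controller reachable
                $account = $null
            }

            $folder = Split-Path -Path $_.LocalPath -Leaf
            $name   = if ($account) { ($account -split '\\')[-1] } else { $null }

            [pscustomobject]@{
                SID            = $sid
                CurrentAccount = $account
                ProfilePath    = $_.LocalPath
                # Folder names may carry a suffix such as ".DOMAIN" or ".000",
                # so compare on the leading part only
                Mismatch       = [bool]($name -and ($folder -notlike "$name*"))
            }
        }
}

# Show mismatched profiles first
Get-RenamedProfile | Sort-Object Mismatch -Descending | Format-Table -AutoSize
```

Rows with `Mismatch` set to `True` are the ones worth recording in the client's documentation, so the files can still be found during a recovery.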
 