Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » AD Attribute query!
AD Attribute query! [message #156865] Thu, 25 June 2009 06:52 Go to next message
UselessUser  is currently offline UselessUser
Messages: 16
Registered: October 2009
Junior Member
Hi,

We have a large group, which recently needed major editing, so I handed it
over to another person who asked me a very simple question..

How come when looking at this group, members appeared as one of these types:

FSurname
Firstname Surname

And I had no idea, after a bit of study, it looks like ADUC exposes members
by the Full Name (or Name attribute) of their accounts.

The real question is, how come if they have been created using the normal
Firstname and Lastname options in ADUC, and the full name is generated
automatically from these and is not changed, how do some people have the:

FSurname

I think some of these are old users, so may have been migrated from an NT4
domain, would this cause this?

Also is there any damage (Relating to AD and Exchange etc) of running a
script on these accounts to rename the name attribute to firstname lastname??
Re: AD Attribute query! [message #156869 is a reply to message #156865] Thu, 25 June 2009 07:35 Go to previous messageGo to next message
Marcin  is currently offline Marcin  United States
Messages: 273
Registered: July 2009
Senior Member
FirstName LastName happens to be the default format of Full Name entry in
ADUC (as per http://support.microsoft.com/kb/250455/). The article also
provides instructions on how to change this default format for any future
accounts (btw. you can find a script that changes this format at
http://support.microsoft.com/kb/277717/ - although you'd need to modify it
to match the naming convention you want to use). Without knowing how the
other accounts were created, it is rather difficult to speculate why their
Full Name is different - this could have happened in a number of different
ways (account migration is one of them)...
I'd not expect any negative implications, as long as you modify this
particular attribute only - but obviously you should test it with one
non-critical account first before you apply changes en masse...

hth
Marcin

"UselessUser" <UselessUser@discussions.microsoft.com> wrote in message
news:A6172306-0493-4CE7-8277-437348658DF5@microsoft.com...
> Hi,
>
> We have a large group, which recently needed major editing, so I handed it
> over to another person who asked me a very simple question..
>
> How come when looking at this group, members appeared as one of these
> types:
>
> FSurname
> Firstname Surname
>
> And I had no idea, after a bit of study, it looks like ADUC exposes
> members
> by the Full Name (or Name attribute) of their accounts.
>
> The real question is, how come if they have been created using the normal
> Firstname and Lastname options in ADUC, and the full name is generated
> automatically from these and is not changed, how do some people have the:
>
> FSurname
>
> I think some of these are old users, so may have been migrated from an NT4
> domain, would this cause this?
>
> Also is there any damage (Relating to AD and Exchange etc) of running a
> script on these accounts to rename the name attribute to firstname
> lastname??
Re: AD Attribute query! [message #156870 is a reply to message #156869] Thu, 25 June 2009 08:32 Go to previous messageGo to next message
UselessUser  is currently offline UselessUser
Messages: 16
Registered: October 2009
Junior Member
Hi,

Thanks for the reply, I understand that by setting the 409 attribute for new
users, it amends the dialog box at account creation so it becomes surname,
firstname, and as display name is taken from that by default, display name in
GAL will be surname, firstname as well..

However the script underneath it, only adjusts the display name, it does not
touch the fullname (Or name attribute), so in AD old users will appear as
firstname surname, whilst new users will appear as surname, firstname...

I have seen ADMODIFY has a change CN (RDN) option, which I think sets the
name attribute and CN attributes to surname, firstname so then AD would also
all match up but am worried about any problems of doing this?

"Marcin" wrote:

> FirstName LastName happens to be the default format of Full Name entry in
> ADUC (as per http://support.microsoft.com/kb/250455/). The article also
> provides instructions on how to change this default format for any future
> accounts (btw. you can find a script that changes this format at
> http://support.microsoft.com/kb/277717/ - although you'd need to modify it
> to match the naming convention you want to use). Without knowing how the
> other accounts were created, it is rather difficult to speculate why their
> Full Name is different - this could have happened in a number of different
> ways (account migration is one of them)...
> I'd not expect any negative implications, as long as you modify this
> particular attribute only - but obviously you should test it with one
> non-critical account first before you apply changes en masse...
>
> hth
> Marcin
>
> "UselessUser" <UselessUser@discussions.microsoft.com> wrote in message
> news:A6172306-0493-4CE7-8277-437348658DF5@microsoft.com...
> > Hi,
> >
> > We have a large group, which recently needed major editing, so I handed it
> > over to another person who asked me a very simple question..
> >
> > How come when looking at this group, members appeared as one of these
> > types:
> >
> > FSurname
> > Firstname Surname
> >
> > And I had no idea, after a bit of study, it looks like ADUC exposes
> > members
> > by the Full Name (or Name attribute) of their accounts.
> >
> > The real question is, how come if they have been created using the normal
> > Firstname and Lastname options in ADUC, and the full name is generated
> > automatically from these and is not changed, how do some people have the:
> >
> > FSurname
> >
> > I think some of these are old users, so may have been migrated from an NT4
> > domain, would this cause this?
> >
> > Also is there any damage (Relating to AD and Exchange etc) of running a
> > script on these accounts to rename the name attribute to firstname
> > lastname??
>
>
>
Re: AD Attribute query! [message #156874 is a reply to message #156870] Thu, 25 June 2009 09:22 Go to previous messageGo to next message
Marcin  is currently offline Marcin  United States
Messages: 273
Registered: July 2009
Senior Member
The scripting approach for modifying the CN attribute (using the MoveHere
method of the parent container) is described in
http://www.microsoft.com/technet/scriptcenter/guide/sas_usr_ aznz.mspx?mfr=true
I'm not aware of any specific problems related to changing cn, but you
should watch for name clashes - and obviously test thoroughly...

hth
Marcin

"UselessUser" <UselessUser@discussions.microsoft.com> wrote in message
news:CD53BFBC-1840-454E-99A6-57733CF61F87@microsoft.com...
> Hi,
>
> Thanks for the reply, I understand that by setting the 409 attribute for
> new
> users, it amends the dialog box at account creation so it becomes surname,
> firstname, and as display name is taken from that by default, display name
> in
> GAL will be surname, firstname as well..
>
> However the script underneath it, only adjusts the display name, it does
> not
> touch the fullname (Or name attribute), so in AD old users will appear as
> firstname surname, whilst new users will appear as surname, firstname...
>
> I have seen ADMODIFY has a change CN (RDN) option, which I think sets the
> name attribute and CN attributes to surname, firstname so then AD would
> also
> all match up but am worried about any problems of doing this?
>
> "Marcin" wrote:
>
>> FirstName LastName happens to be the default format of Full Name entry in
>> ADUC (as per http://support.microsoft.com/kb/250455/). The article also
>> provides instructions on how to change this default format for any future
>> accounts (btw. you can find a script that changes this format at
>> http://support.microsoft.com/kb/277717/ - although you'd need to modify
>> it
>> to match the naming convention you want to use). Without knowing how the
>> other accounts were created, it is rather difficult to speculate why
>> their
>> Full Name is different - this could have happened in a number of
>> different
>> ways (account migration is one of them)...
>> I'd not expect any negative implications, as long as you modify this
>> particular attribute only - but obviously you should test it with one
>> non-critical account first before you apply changes en masse...
>>
>> hth
>> Marcin
>>
>> "UselessUser" <UselessUser@discussions.microsoft.com> wrote in message
>> news:A6172306-0493-4CE7-8277-437348658DF5@microsoft.com...
>> > Hi,
>> >
>> > We have a large group, which recently needed major editing, so I handed
>> > it
>> > over to another person who asked me a very simple question..
>> >
>> > How come when looking at this group, members appeared as one of these
>> > types:
>> >
>> > FSurname
>> > Firstname Surname
>> >
>> > And I had no idea, after a bit of study, it looks like ADUC exposes
>> > members
>> > by the Full Name (or Name attribute) of their accounts.
>> >
>> > The real question is, how come if they have been created using the
>> > normal
>> > Firstname and Lastname options in ADUC, and the full name is generated
>> > automatically from these and is not changed, how do some people have
>> > the:
>> >
>> > FSurname
>> >
>> > I think some of these are old users, so may have been migrated from an
>> > NT4
>> > domain, would this cause this?
>> >
>> > Also is there any damage (Relating to AD and Exchange etc) of running a
>> > script on these accounts to rename the name attribute to firstname
>> > lastname??
>>
>>
>>
Re: AD Attribute query! [message #156895 is a reply to message #156874] Thu, 25 June 2009 11:49 Go to previous message
rlmueller-nospam  is currently offline rlmueller-nospam  United States
Messages: 292
Registered: July 2009
Senior Member
To best of my knowledge, the only issues with renaming (changing the cn
attribute) are:

1. The value must be unique in the OU/Container. The same value can be used
elsewhere, such as in another OU.
2. The value cannot be longer than 64 characters.
3. The following characters must be escaped using the backslash escape
character, "\":

, \ # + < > ; " =

Also, leading and trailing spaces must be escaped, but not embedded spaces.
Also, if you are using ADSI (for example, VBScript uses ADSI), the forward
slash character, "/" must also be escaped.

Renaming does not affect group memberships or permissions.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

"Marcin" <marcin@community.nospam> wrote in message
news:Oiw3MgZ9JHA.1488@TK2MSFTNGP03.phx.gbl...
> The scripting approach for modifying the CN attribute (using the MoveHere
> method of the parent container) is described in
> http://www.microsoft.com/technet/scriptcenter/guide/sas_usr_ aznz.mspx?mfr=true
> I'm not aware of any specific problems related to changing cn, but you
> should watch for name clashes - and obviously test thoroughly...
>
> hth
> Marcin
>
> "UselessUser" <UselessUser@discussions.microsoft.com> wrote in message
> news:CD53BFBC-1840-454E-99A6-57733CF61F87@microsoft.com...
>> Hi,
>>
>> Thanks for the reply, I understand that by setting the 409 attribute for
>> new
>> users, it amends the dialog box at account creation so it becomes
>> surname,
>> firstname, and as display name is taken from that by default, display
>> name in
>> GAL will be surname, firstname as well..
>>
>> However the script underneath it, only adjusts the display name, it does
>> not
>> touch the fullname (Or name attribute), so in AD old users will appear as
>> firstname surname, whilst new users will appear as surname, firstname...
>>
>> I have seen ADMODIFY has a change CN (RDN) option, which I think sets the
>> name attribute and CN attributes to surname, firstname so then AD would
>> also
>> all match up but am worried about any problems of doing this?
>>
>> "Marcin" wrote:
>>
>>> FirstName LastName happens to be the default format of Full Name entry
>>> in
>>> ADUC (as per http://support.microsoft.com/kb/250455/). The article also
>>> provides instructions on how to change this default format for any
>>> future
>>> accounts (btw. you can find a script that changes this format at
>>> http://support.microsoft.com/kb/277717/ - although you'd need to modify
>>> it
>>> to match the naming convention you want to use). Without knowing how the
>>> other accounts were created, it is rather difficult to speculate why
>>> their
>>> Full Name is different - this could have happened in a number of
>>> different
>>> ways (account migration is one of them)...
>>> I'd not expect any negative implications, as long as you modify this
>>> particular attribute only - but obviously you should test it with one
>>> non-critical account first before you apply changes en masse...
>>>
>>> hth
>>> Marcin
>>>
>>> "UselessUser" <UselessUser@discussions.microsoft.com> wrote in message
>>> news:A6172306-0493-4CE7-8277-437348658DF5@microsoft.com...
>>> > Hi,
>>> >
>>> > We have a large group, which recently needed major editing, so I
>>> > handed it
>>> > over to another person who asked me a very simple question..
>>> >
>>> > How come when looking at this group, members appeared as one of these
>>> > types:
>>> >
>>> > FSurname
>>> > Firstname Surname
>>> >
>>> > And I had no idea, after a bit of study, it looks like ADUC exposes
>>> > members
>>> > by the Full Name (or Name attribute) of their accounts.
>>> >
>>> > The real question is, how come if they have been created using the
>>> > normal
>>> > Firstname and Lastname options in ADUC, and the full name is generated
>>> > automatically from these and is not changed, how do some people have
>>> > the:
>>> >
>>> > FSurname
>>> >
>>> > I think some of these are old users, so may have been migrated from an
>>> > NT4
>>> > domain, would this cause this?
>>> >
>>> > Also is there any damage (Relating to AD and Exchange etc) of running
>>> > a
>>> > script on these accounts to rename the name attribute to firstname
>>> > lastname??
>>>
>>>
>>>
>
>
Previous Topic:My Network Places - Across WAN
Next Topic:Do I need a CA server?
Goto Forum:
  


Current Time: Wed Oct 18 01:23:01 EDT 2017

Total time taken to generate the page: 0.07934 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software