Renaming AD Account

We are running a federated domain setup with AD accounts on-premise, synchronizing using AAD.

There is an ask to rename an AD account or UPN.

Can someone please let me know what the impact will be if we change the UPN and rename the AD account?

Will the user get the same access to his Office 365 services like mailbox/OneDrive/SharePoint/ActiveSync etc.?

6 Replies

He will keep access/permissions, however he should now use the changed UPN when prompted for credentials. His ODFB URL will also change, all files should remain intact though.

I just did exactly this yesterday and had the following experience:

 

  • Renamed Lastname (because of a typo), samaccountname and UPN
  • Waited for AAD-Connect sync (or do it manually via PowerShell)
    • O365 Admin Center showed a new email address (with the correct lastname) and moved the previously used email address to the proxyAddresses
  • Waited for another AAD-Connect sync, but onPrem (Exchange Admin Center) still showed the old email address as the primary address.
    • I wasn't sure if I just had to wait longer, but I added the correct email address manually (because our onPrem Spam Firewall wouldn't accept external mails if there was no correct onPrem email address found)
  • The mail.onmicrosoft.com target proxy addresses remain unchanged.
    • I'm unsure if I should manually add a "correct" proxy address (tenant.mail.onmicrosoft.com) to the online mailbox and manually change the target address onPrem or leave it be, any suggestions?

The UPN doesn't necessarily need to match any email alias, be it the primary or the "routing" one.

Hi Ivan,

Needed a little help –

Customer has SharePoint on-premise, Skype for Business on-prem and Exchange on-prem.

SAMAccountName : Contoso\JohnDoe

UPN : JohnDoe@contoso.com

They now plan to move to Office 365. However, before moving to Office 365, they want to change the SAMAccountName as follows:

New SAMAccountName : Contoso\A123134

UPN: JohnDoe@contoso.com

Queries:

  • Will their existing on-premise AD profile change when they log in to the laptops after this SAMAccountName change?
  • Any impact on their on-premise applications such as Exch, SharePoint or SfB?
  • Any impact on implementing an Exchange / SharePoint migration if the SAMAccountName and UPNs are different?

Appreciate any insights.

 

Hi Vinay,

You can change the SAMAccountName without any problems for the Windows profile.

When you change it, the user needs to log in with the new one on the PC, Exchange, etc.

Create a test environment:

  • Create a new user with a SAMAccountName
  • Configure a PC with all applications and then do a logoff
  • Change the SAMAccountName
  • Log on to the PC with the new one

Hi, as for your questions:

  • Will their existing on-premise AD profile change when they log in to the laptops after this SAMAccountName change?
    • No. The local user profile is linked to the user's unique SID. Changing any attribute of that user does not affect a local user profile as the SID remains unchanged. What will change though is the logon username, if they used netbios\samaccountname instead of username@domain.com. The latter would still work since it hasn't changed. I've tried to train my users to always use their email address for logon in case of doubt.
  • Any impact on their on-premise applications such as Exch, SharePoint or SfB?
    • Possibly and also very likely. Depends entirely on the configuration, see above. It also comes down to NetBIOS vs UPN. My recommendation would be to always use UPN as the logon attribute, wherever possible. Unfortunately not all applications support this when they claim AD Support or SSO.
  • Any impact on implementing an Exchange / SharePoint migration if the SAMAccountName and UPNs are different?
    • By migration do you mean migration to Exchange and SharePoint Online? If so, I don't think it will have any impact, as Azure AD Connect lets you pretty much choose what your logon attribute should be.
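
The check described in the replies above (the SID stays fixed while individual logon names change), as an added PowerShell example that is not from any poster in this thread. The function name `Compare-RenameSnapshot`, the SID value and the `CONTOSO` NetBIOS name are assumptions, and the sample objects are constructed from the Contoso example in the question.

```powershell
# Added example. Live capture needs the ActiveDirectory (RSAT) module; query by SID
# so the same call works before and after the rename:
#   Get-ADUser -Identity $sid -Properties proxyAddresses
function Compare-RenameSnapshot {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] $Before,
        [Parameter(Mandatory)] $After,
        [string] $NetBiosDomain = 'CONTOSO'   # assumed NetBIOS domain name
    )
    # A rename keeps the SID. A different SID means a different account,
    # and local profiles and permissions would not follow it.
    if ("$($Before.SID)" -ne "$($After.SID)") {
        throw 'SID differs: this is not a rename of the same account.'
    }
    # The primary SMTP address is the proxyAddresses entry with an upper-case "SMTP:" prefix.
    $primarySmtp = {
        param($user)
        ((@($user.proxyAddresses) -clike 'SMTP:*') -creplace '^SMTP:', '') -join ','
    }
    $rows = @(
        @{ Name = 'NetBIOS logon'
           Old  = '{0}\{1}' -f $NetBiosDomain, $Before.SamAccountName
           New  = '{0}\{1}' -f $NetBiosDomain, $After.SamAccountName }
        @{ Name = 'UPN logon'
           Old  = $Before.UserPrincipalName
           New  = $After.UserPrincipalName }
        @{ Name = 'Primary SMTP'
           Old  = & $primarySmtp $Before
           New  = & $primarySmtp $After }
    )
    foreach ($row in $rows) {
        [pscustomobject]@{
            Attribute = $row.Name
            Before    = $row.Old
            After     = $row.New
            Changed   = ($row.Old -ne $row.New)
        }
    }
}

# Constructed snapshots for the SAMAccountName-only rename asked about in the thread.
$sid    = 'S-1-5-21-1111111111-2222222222-3333333333-1104'   # constructed SID
$before = [pscustomobject]@{ SID = $sid; SamAccountName = 'JohnDoe'
    UserPrincipalName = 'JohnDoe@contoso.com'; proxyAddresses = @('SMTP:JohnDoe@contoso.com') }
$after  = [pscustomobject]@{ SID = $sid; SamAccountName = 'A123134'
    UserPrincipalName = 'JohnDoe@contoso.com'; proxyAddresses = @('SMTP:JohnDoe@contoso.com') }
Compare-RenameSnapshot -Before $before -After $after | Format-Table -AutoSize
```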