Changing User CNs

After an upgrade or migration to Active Directory, many customers find themselves with "garbage" or "baggage" from the old environment that is inconsistent with newly created objects. For example, an existing user might have the following DN:

CN=smithJ,OU=Managed Users,DC=MyDomain,DC=gov

but newly created users might have a full name populated in their DN:

CN=John Smith,OU=Managed Users,DC=MyDomain,DC=gov
CN=Smith\, John,OU=Managed Users,DC=MyDomain,DC=gov

Sometimes, organizations find it desireable to build some level of consistency between newly created objects and legacy objects, but the user interface for such a task can make it quite daunting (and not really worth the effort). Scripting, however, can make the process quite simple. Consider the following:

'*** Set the Default Container (Domain or OU)

Set oContainer = GetObject("LDAP://ou=MyUsers,dc=MyDomain,dc=gov")

'*** set filter to user objects
oContainer.Filter = Array("User")
On Error Resume Next

For Each object In oContainer

   '*** Change object name
oContainer.MoveHere object.ADsPath, "cn=" & chr(34) & object.sn & ", " & object.givenName & chr(34)
wscript.Echo chr(34) & object.sn & ", " & object.givenName & chr(34) & ": " & object.ADsPath
Next

This script takes all user objects in a domain and actually moves them to a new OU, in this case using the "SirName, GivenName" format for the first component of the DN. It could easily be modified for "FirstName LastName" or any other attribute of the user, as determined necessary to create a consistency across all users.