Active Directory users log on with their logon names and passwords. But what are the rules for assigning usernames? g.surname? surname? gsurname? What is the naming convention? This article finds users who do not meet the naming convention and modifies their logon names.
Searching for logon names that do not match the naming convention
For the following it is assumed that you use a naming convention of g.surname for all newly created users (Patrick Gruenauer = p.gruenauer). So, we have to search for usernames that don’t have a dot (.). Here’s one:

Now we are looking for users in a particular Organizational Unit (People) that do not meet the naming convention.
Check the list carefully. In the next step we will start modifying their SamAccountName and UserPrincipalName.
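One way to run this search and preview the result before anything is changed, as an added example (not code from the original article). The distinguished name of the People OU, the collision check and the length check are assumptions added here.

```powershell
Import-Module ActiveDirectory

# Assumption: the People OU sits directly under the PAGR.INET domain root.
$OU = "OU=People,DC=PAGR,DC=INET"

# Every sAMAccountName already used in the domain (users, groups, computers),
# so a proposed name that would collide can be flagged.
$taken = @{}
Get-ADObject -LDAPFilter '(sAMAccountName=*)' -Properties sAMAccountName |
    ForEach-Object { $taken[$_.sAMAccountName.ToLower()] = $_.DistinguishedName }

# Users in the OU whose logon name has no dot, i.e. does not follow g.surname.
$report = Get-ADUser -Filter * -SearchBase $OU |
    Where-Object { $_.SamAccountName -notlike '*.*' } |
    ForEach-Object {
        $proposed = $null
        $issue    = $null
        if (-not $_.GivenName -or -not $_.Surname) {
            $issue = 'GivenName or Surname is empty'
        }
        else {
            $proposed = ($_.GivenName.Substring(0,1) + '.' + $_.Surname).ToLower()
            if ($proposed.Length -gt 20) {
                # The sAMAccountName of a user object is limited to 20 characters.
                $issue = 'longer than 20 characters'
            }
            elseif ($taken.ContainsKey($proposed) -and $taken[$proposed] -ne $_.DistinguishedName) {
                $issue = 'name already in use'
            }
            else {
                # Reserve the name so two users in this batch cannot map to it.
                $taken[$proposed] = $_.DistinguishedName
            }
        }
        [pscustomobject]@{
            Current  = $_.SamAccountName
            Proposed = $proposed
            Issue    = $issue
        }
    }

# Read-only report: nothing in Active Directory is modified.
$report | Sort-Object Issue, Current | Format-Table -AutoSize
```

Rows with an empty Issue column are safe to rename; the others need a manual decision first.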
Changing user logon names
Now we are going to replace the SamAccountName and the UserPrincipalName with the first letter of the GivenName, followed by a dot (.) and the Surname, all in lower case.
# Change the logon name of all users in the HR OU to the first letter of the first name, a dot, and the last name.
# For example, John Doe: doe@domain.com ==> j.doe@domain.com
# Specify the OU where the users are located
$OU = "OU=HR,DC=PAGR,DC=INET"
# Change the logon name of all users. Accounts without a first or last name are
# skipped, because Substring() fails on an empty GivenName.
Get-ADUser -Filter * -SearchBase $OU |
    Where-Object { $_.GivenName -and $_.Surname } |
    ForEach-Object {
        # New logon name: first letter of the first name + '.' + last name, lower case
        $logon = ($_.GivenName.Substring(0,1) + '.' + $_.Surname).ToLower()
        Set-ADUser $_ -SamAccountName $logon `
            -UserPrincipalName ($logon + "@" + $env:USERDNSDOMAIN) -Verbose
    }
Schwarzenberg then becomes a.schwarzenberg:

Last but not least
Don’t forget to inform the users! 😉