JSI Tip 9777. How can I replace spaces in all users' sAMAccountName with periods, and set their userPrincipalName?


If the sAMAccountName of a user contains spaces, like John Doe for user CN=John Doe,CN=Users,DC=JSIINC,DC=COM, or Jane Doe for user CN=Jane Doe,OU=West,DC=JSIINC,DC=COM, you might want to change them to be John.Doe for user CN=John Doe,CN=Users,DC=JSIINC,DC=COM, and Jane.Doe for user CN=Jane Doe,OU=West,DC=JSIINC,DC=COM. Additionally, you may want to set the UPN (User Principal Name - userPrincipalName) to their <sAMAccountName>@<DomainName>, so that John Doe's UPN is [email protected] and Jane Doe's UPN is [email protected].

Using AdFind freeware and AdMod freeware, I have scripted SAMUPNPeriod.bat to replace spaces in all users' sAMAccountName with periods, and set their userPrincipalName accordingly.

The syntax for running SAMUPNPeriod.bat is:

SAMUPNPeriod [domain]

Where domain is an optional domain name to use in the UPN, as in JSIINC.COM. If omitted, the %USERDNSDOMAIN% environment variable is used.

Prior to running the script, my Active Directory contained:

distinguishedName                            sAMAccountName  UserPrincipalName
CN=John Doe,CN=Users,DC=JSIINC,DC=COM        John Doe        John [email protected]
CN=Jane Doe,OU=West,DC=JSIINC,DC=COM         Jane Doe        missing
CN=Jerold Schulman,CN=Users,DC=JSIINC,DC=COM Jerry           [email protected]
CN=Tom Smith,CN=Users,DC=JSIINC,DC=COM       Tom             missing

After running the script, my Active Directory contained:

distinguishedName                            sAMAccountName  UserPrincipalName
CN=John Doe,CN=Users,DC=JSIINC,DC=COM        John.Doe        [email protected]
CN=Jane Doe,OU=West,DC=JSIINC,DC=COM         Jane.Doe        [email protected]
CN=Jerold Schulman,CN=Users,DC=JSIINC,DC=COM Jerry           [email protected]
CN=Tom Smith,CN=Users,DC=JSIINC,DC=COM       Tom             [email protected]

SAMUPNPeriod.bat contains:

@echo off
setlocal ENABLEDELAYEDEXPANSION
rem Domain for the UPN suffix: first argument, or %USERDNSDOMAIN% if omitted.
set domain=%1
set domain=%domain:"=%
if {%1}=={} set domain=%USERDNSDOMAIN%
rem Each AdFind line is split at the first colon: %%a = name, %%b = value.
rem A "dn" line (or a line without a value) flushes the previous object.
for /f "Skip=3 Tokens=1* Delims=:" %%a in ('adfind -default -noctl -f "&(objectcategory=person)" sAMAccountName userPrincipalName') do (
 set p1=%%a
 set p1=!p1:~1!
 set p2="%%b"
 set p2=!p2:" ="!
 if "!p1!" EQU "n" call :update 
 if !p2! EQU "" call :update
 if "!p1!" EQU "sAMAccountName" set samid=!p2!
 if "!p1!" EQU "userPrincipalName" set oldupn=!p2!
)
endlocal
goto :EOF
:update
rem Skip objects that have no DN yet or no sAMAccountName.
if not defined dn goto :update2
if not defined samid goto update2
set oldsam=!samid!
set oldsam=%oldsam:"=%
rem Replace spaces with periods and build <sAMAccountName>@<DomainName>.
set samid=!samid: =.!
set samid=!samid:"=!
set oldupn=!oldupn:"=!
set upn=%samid%@%domain%
rem Only call AdMod when the sAMAccountName or the UPN actually changes.
if "%samid%" NEQ "%oldsam%" goto update1
if "%upn%" EQU "%oldupn%" goto update2
:update1
@echo admod -b %dn% "sAMAccountName::%samid%" "userPrincipalName::%upn%"
call :quiet>nul 2>&1
:update2
rem Remember the DN just read and reset the per-object values.
set dn=!p2!
set samid=
set oldupn=
goto :EOF
:quiet
admod -b %dn% "sAMAccountName::%samid%" "userPrincipalName::%upn%"
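
Because sAMAccountName must be unique within the domain, replacing spaces with periods can produce a name that another account already holds. The following dry-run planner is an added example, not part of the original tip or of AdFind/AdMod: it reads text in the dn: / >attribute: value layout that the batch file's parsing assumes and reports the planned changes and any collisions without modifying anything. The sample data, the EXAMPLE.COM domain and the function names parse_adfind and plan are constructed for illustration.

```python
# Added example: dry-run planner for the rename SAMUPNPeriod.bat performs.
# SAMPLE is constructed; it mimics the "dn:" / ">attr: value" layout the batch file parses.
from collections import defaultdict

SAMPLE = """\
dn:CN=John Doe,CN=Users,DC=EXAMPLE,DC=COM
>sAMAccountName: John Doe
>userPrincipalName: John Doe@EXAMPLE.COM

dn:CN=Johnny Doe,OU=West,DC=EXAMPLE,DC=COM
>sAMAccountName: John.Doe
>userPrincipalName: John.Doe@EXAMPLE.COM

dn:CN=Tom Smith,CN=Users,DC=EXAMPLE,DC=COM
>sAMAccountName: Tom

dn:CN=A Contact,CN=Users,DC=EXAMPLE,DC=COM
"""

def parse_adfind(text):
    """Return one dict per object that has a sAMAccountName."""
    users, cur = [], None
    for line in text.splitlines():
        if line.startswith("dn:"):
            cur = {"dn": line[3:].strip()}
            users.append(cur)
        elif line.startswith(">") and cur is not None and ":" in line:
            name, _, value = line[1:].partition(":")
            cur[name] = value.strip()
    return [u for u in users if "sAMAccountName" in u]  # e.g. contacts are skipped

def plan(users, domain):
    """Compute (changes, conflicts) without touching the directory."""
    targets = defaultdict(list)
    for u in users:
        u["newSam"] = u["sAMAccountName"].replace(" ", ".")
        u["newUpn"] = f'{u["newSam"]}@{domain}'
        targets[u["newSam"].lower()].append(u["dn"])  # uniqueness is case-insensitive
    conflicts = {sam: dns for sam, dns in targets.items() if len(dns) > 1}
    changes = [u for u in users if u["newSam"].lower() not in conflicts
               and (u["newSam"] != u["sAMAccountName"]
                    or u["newUpn"] != u.get("userPrincipalName"))]
    return changes, conflicts

if __name__ == "__main__":
    changes, conflicts = plan(parse_adfind(SAMPLE), "EXAMPLE.COM")
    for u in changes:
        print(f'would set {u["dn"]}: {u["newSam"]} / {u["newUpn"]}')
    print("conflicts:", conflicts)
```

Accounts listed under conflicts are left out of the change list so they can be resolved by hand before the batch file is run.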


