I work with an on-premises data center that uses Entra Connect and Office 365 email. I'm wondering about the proper process to change a user's username. Can I just right-click the user in Active Directory Users and Computers (ADUC) and rename them, or do I need to edit specific attributes as well? I want to make sure I do this right.
Edit: I ended up right-clicking the user in ADUC and renaming them. I replaced the last name in every field and added the old email address to the ProxyAddress attribute so third-party apps could still send emails. After that, I ran a delta sync to update everything. I asked the user to log out of their profile and log back in with the new username, and I let them know it may take about 24 hours for everything to update. Interestingly, their profile still pointed to the same folder in C:\Users.
4 Answers
Did you remember to update the mail attribute? It's crucial for email functionality.
Your method sounds solid! Remember, local accounts won’t sync, so renaming the old account or having the user log into a new profile with the new name are both valid options. Just a heads up: some SSO apps might have issues with UPN changes; in those cases, you might want to delete the old account and set up a new one automatically.
That's interesting about the Windows profile—logging in with the new username still used the same folder. Who would have thought?
Yeah, if you're changing the username, that would include both UPN and SamAccountName. Just use the traditional method on-prem, then run a delta sync or wait about an hour for it to reflect. Just ensure there are no unusual Entra Connect settings that might complicate things.
If you're syncing the UPN to UPN, just change the source directly and wait for it to replicate. But if you're using a different LDAP attribute like mail, make sure to update that too. It's pretty straightforward!
Right-click and rename worked perfectly for me too. I just made sure to add the old email address as an alias in the ProxyAddress attribute.
I checked and the mail attribute is still set to the old email, but everything seems to be working fine for now.
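
The rename steps discussed in this thread, as an added PowerShell example that is not part of any post: it updates sAMAccountName, UPN, surname, display name and the mail attribute in one change, demotes the old primary address to an alias in proxyAddresses, then triggers a delta sync. The account names, the domain, and the assumptions that the new mail address equals the new UPN and that the display name is "GivenName Surname" are all constructed for illustration.

```powershell
# Added example; every user value below is a constructed placeholder.
Import-Module ActiveDirectory

$oldSam  = 'jdoe'          # current sAMAccountName (placeholder)
$newSam  = 'jsmith'        # new sAMAccountName (placeholder)
$newLast = 'Smith'         # new surname (placeholder)
$domain  = 'example.com'   # UPN suffix and mail domain (placeholder)

$user    = Get-ADUser -Identity $oldSam -Properties proxyAddresses, mail, GivenName
$newUpn  = "$newSam@$domain"
$newName = "$($user.GivenName) $newLast"   # assumed display-name format

# Rebuild proxyAddresses: the upper-case "SMTP:" prefix marks the primary
# address and lower-case "smtp:" marks an alias. Demote the old primary,
# drop any existing entry for the new address, then add it as primary.
$proxies = @($user.proxyAddresses | Where-Object { $_ } | ForEach-Object {
        if ($_ -cmatch '^SMTP:') { 'smtp:' + $_.Substring(5) } else { $_ }
    } | Where-Object { $_ -ne "smtp:$newUpn" })

# If proxyAddresses was never populated, keep the old mail value as an alias
# so senders that still use the old address are not bounced.
if ($user.mail -and $user.mail -ne $newUpn -and
    $proxies -notcontains "smtp:$($user.mail)") {
    $proxies += "smtp:$($user.mail)"
}
$proxies += "SMTP:$newUpn"

# One change covering logon names, surname, display name, mail and aliases.
Set-ADUser -Identity $user -SamAccountName $newSam -UserPrincipalName $newUpn `
    -Surname $newLast -DisplayName $newName -EmailAddress $newUpn `
    -Replace @{ proxyAddresses = [string[]]$proxies }

# Rename the object itself (CN / Name), which is what ADUC's Rename does.
Rename-ADObject -Identity $user.DistinguishedName -NewName $newName

# Confirm the result on-prem before syncing.
Get-ADUser -Identity $newSam -Properties mail, proxyAddresses |
    Select-Object Name, SamAccountName, UserPrincipalName, mail, proxyAddresses

# Run on the Entra Connect server (ADSync module) to push the change.
Start-ADSyncSyncCycle -PolicyType Delta
```

Adding `-WhatIf` to `Set-ADUser` and `Rename-ADObject` previews the change without writing it.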