question on case in "ad users and computers"

  • Thread starter Thread starter Joe Richards [MVP]
  • Start date Start date
J

Joe Richards [MVP]

I assume you mean an rdn rename which you can't do from ADUC. You cshould be able to script this with the movehere adsi
call. Just make sure you just change case and before doing it for real, do it on some test machines first.
 
we have been migrating users into ad. my question is how can i change the
case of the machine names in users and computers. it appears that some
people would prefer everything in lower case and over time things have been
entered in upper.

thx
 
As Joe points out be careful with this. If the account was created with the
"Assign this computer account as a pre-Windows 2000 computer" checked, the
computer will no longer be able to logon to the domain. The reason for this
is that the computer account password gets set to the name of the computer
when the account is created. Since passwords are case-sensitive this might
cause problems. If all of your clients are W2K+ then you shouldn't have a
problem.

--
Jeff Jones [MS]
Active Directory Administration Tools Development
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.



Joe Richards said:
I assume you mean an rdn rename which you can't do from ADUC. You cshould
Click to expand...
be able to script this with the movehere adsi
call. Just make sure you just change case and before doing it for real, do
Click to expand...
it on some test machines first.
 
That shouldn't be a problem for two reasons...

1. The computer will have changed the password when it joined.

2. The passwords on the pre-W2K computer accounts are lower case.

Here's a little perl snippet I have used to create thousands of server accounts with (note the setting password piece at
the end):


print "Creating $computername...\n";

$adsnewcomputer=Win32::OLE->GetObject("LDAP://$dc/cn=$computername,$computerou");
if ($adsnewcomputer)
{
print "Computer already exists...\n";
return $FALSE;
}

$samname=$computername.'$';
$adsnewcomputer=$adscomputerou->Create("computer","CN=$computername");

$adsnewcomputer->Put("sAMAccountName","$samname");
$adsnewcomputer->Put(userAccountControl,$UF_WORKSTATION_TRUST_ACCOUNT);
$test=$adsnewcomputer->Get("sAMAccountName");
$result=$adsnewcomputer->SetInfo();
$lasterror=Win32::OLE->LastError();
if ($lasterror)
{
print "Error: $lasterror\n";
exit;
}
$adsnewcomputer="";
$adsnewcomputer=Win32::OLE->GetObject("LDAP://$dc/cn=$computername,$computerou");
if (!$adsnewcomputer)
{
print "Computer Creation failed for $computername...\a\n";
return $FALSE;
}
print "Setting initial password...\n";
$password=lc($computername);
$adsnewcomputer->SetPassword($password);
$lasterror=Win32::OLE->LastError();
if ($lasterror)
{
print "Set Password Error: $lasterror\n";
exit;
}



--
Joe Richards
www.joeware.net

--

Jeff Jones said:
As Joe points out be careful with this. If the account was created with the
"Assign this computer account as a pre-Windows 2000 computer" checked, the
computer will no longer be able to logon to the domain. The reason for this
is that the computer account password gets set to the name of the computer
when the account is created. Since passwords are case-sensitive this might
cause problems. If all of your clients are W2K+ then you shouldn't have a
problem.

--
Jeff Jones [MS]
Active Directory Administration Tools Development
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.



Joe Richards said:
I assume you mean an rdn rename which you can't do from ADUC. You cshould
Click to expand...
be able to script this with the movehere adsi
call. Just make sure you just change case and before doing it for real, do
Click to expand...
it on some test machines first.
Click to expand...
 
Back
Top