When ADUS (Active Directory User Synchronization) is configured on a Domain Controller, renaming a user who is a member of the ADUS group causes the original user to be deleted and a new user to be created.
Example Active Directory user:
First Name: John
Last Name: Smith
Email Address: firstname.lastname@example.org
2FA User: smith
If we rename John Smith to Henry Murdoch in Active Directory, the Auth Log shows entries similar to these:
| Timestamp | Username | Message | Event ID | IP Address |
|---|---|---|---|---|
| 6/23/2014 11:09 | ADUS Web Service | hmurdoch status has been set to enabled. | 0 | 0.0.0.0 |
| 6/23/2014 11:09 | ADUS Web Service | ADUS added user: hmurdoch. Token assigned | 20 | 0.0.0.0 |
| 6/23/2014 11:09 | ADUS Web Service | New user created. (hmurdoch) | 0 | 0.0.0.0 |
| 6/23/2014 10:49 | ADUS Web Service | ADUS added 1 to this site | 20 | 0.0.0.0 |
| 6/23/2014 10:49 | ADUS Web Service | ADUS Users SoftToken not assigned list sent to site administrator. | 33 | 0.0.0.0 |
| 6/23/2014 10:49 | ADUS Web Service | ADUS deleted 1 users. | 20 | 0.0.0.0 |
| 6/23/2014 10:49 | ADUS Web Service | User deleted. (jsmith. User ID: 54) | 0 | 0.0.0.0 |
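As an added example (not part of the original article or the product), this Python script scans an exported Auth Log for an ADUS deletion followed by an ADUS creation, the pattern a rename produces, so that unintended token reissues can be reviewed. The pipe-delimited export format, the function names and the 60-minute pairing window are assumptions; the sample rows are the ones from the table above.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the Auth Log rows shown above, in an assumed
# pipe-delimited export format (timestamp|username|message|event id|ip).
SAMPLE_LOG = """\
6/23/2014 11:09|ADUS Web Service|hmurdoch status has been set to enabled.|0|0.0.0.0
6/23/2014 11:09|ADUS Web Service|ADUS added user: hmurdoch. Token assigned|20|0.0.0.0
6/23/2014 11:09|ADUS Web Service|New user created. (hmurdoch)|0|0.0.0.0
6/23/2014 10:49|ADUS Web Service|ADUS added 1 to this site|20|0.0.0.0
6/23/2014 10:49|ADUS Web Service|ADUS Users SoftToken not assigned list sent to site administrator.|33|0.0.0.0
6/23/2014 10:49|ADUS Web Service|ADUS deleted 1 users.|20|0.0.0.0
6/23/2014 10:49|ADUS Web Service|User deleted. (jsmith. User ID: 54)|0|0.0.0.0
"""

DELETED = re.compile(r"^User deleted\. \((?P<user>.+)\. User ID: (?P<uid>\d+)\)$")
CREATED = re.compile(r"^New user created\. \((?P<user>[^)]+)\)$")

def parse(log_text):
    """Return (timestamp, username, message) for every well-formed row."""
    rows = []
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 5:
            continue  # header, blank or malformed line
        try:
            ts = datetime.strptime(parts[0], "%m/%d/%Y %H:%M")
        except ValueError:
            continue  # first field is not a timestamp
        rows.append((ts, parts[1], parts[2]))
    return rows

def find_rename_candidates(log_text, window=timedelta(minutes=60)):
    """Pair each ADUS deletion with ADUS creations up to `window` later."""
    deleted, created = [], []
    for ts, source, msg in parse(log_text):
        if source != "ADUS Web Service":
            continue  # only changes made by the sync service are of interest
        if m := DELETED.match(msg):
            deleted.append((ts, m["user"], int(m["uid"])))
        elif m := CREATED.match(msg):
            created.append((ts, m["user"]))
    # The log does not link the two accounts, so every pair is a candidate
    # for review, not proof of a rename.
    return [{"old_user": old, "old_id": uid, "new_user": new, "gap": c - d}
            for d, old, uid in deleted for c, new in created
            if timedelta(0) <= c - d <= window]
```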
If you need to rename an AD user who is also a 2FA user and do not want to reissue their token, do the following:
- Stop the ADUS service on the Domain Controller.
- Open SQL Management Studio / Tables / Anvil / dbo.Users, then right-click and select Edit Top 200 Rows.
This will allow you to edit the following fields.
Note: You can also create a SQL Query to change multiple users if desired.
- Once the changes are made in SQL, you can then make the user account changes in Active Directory.
- Start the ADUS service on the Domain Controller.