When ADUS (Active Directory User Synchronization) is configured on a Domain Controller, renaming a user who is a member of the ADUS group causes the original user to be deleted and a new user to be created.
Example Active Directory User:
Username: jsmith
First Name: John
Last Name: Smith
Email Address: jsmith@scorpionlabs.com
2FA User: smith
If we rename John Smith to Henry Murdoch in Active Directory, the Auth Log would show entries similar to this:
| Timestamp | Username | Message | Event ID | IP Address |
| --- | --- | --- | --- | --- |
| 6/23/2014 11:09 | ADUS Web Service | hmurdoch status has been set to enabled. | 0 | 0.0.0.0 |
| 6/23/2014 11:09 | ADUS Web Service | ADUS added user: hmurdoch. Token assigned | 20 | 0.0.0.0 |
| 6/23/2014 11:09 | ADUS Web Service | New user created. (hmurdoch) | 0 | 0.0.0.0 |
| 6/23/2014 10:49 | ADUS Web Service | ADUS added 1 to this site | 20 | 0.0.0.0 |
| 6/23/2014 10:49 | ADUS Web Service | ADUS Users SoftToken not assigned list sent to site administrator. | 33 | 0.0.0.0 |
| 6/23/2014 10:49 | ADUS Web Service | ADUS deleted 1 users. | 20 | 0.0.0.0 |
| 6/23/2014 10:49 | ADUS Web Service | User deleted. (jsmith. User ID: 54) | 0 | 0.0.0.0 |
If you need to rename an AD user who is also a 2FA user and do not want to reissue their token, you can do the following:
- Stop the ADUS service on the Domain Controller.
- Open SQL Management Studio / Tables / Anvil / dbo.Users, right-click and select Edit Top 200 Rows.
This will allow you to edit the following fields:
Username
FirstName
LastName
Email
Note: You can also create a SQL query to change multiple users if desired.
- Once the changes are made in SQL, you are then able to make the user account changes in Active Directory.
- Start the ADUS service on the Domain Controller.
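
The note above mentions using a SQL query to change multiple users; the following T-SQL is an added example of such a query, not a script from the vendor. It assumes the dbo.Users columns are named exactly as the fields listed above and that it is run while the ADUS service is stopped; the column types and the hmurdoch e-mail address are constructed for illustration.

```sql
-- Added example; assumes dbo.Users columns match the field names listed above.
USE Anvil;
SET XACT_ABORT ON;  -- any runtime error rolls the whole transaction back

DECLARE @Renames TABLE (
    OldUsername  nvarchar(256) NOT NULL PRIMARY KEY,
    NewUsername  nvarchar(256) NOT NULL UNIQUE,
    NewFirstName nvarchar(256) NOT NULL,
    NewLastName  nvarchar(256) NOT NULL,
    NewEmail     nvarchar(256) NOT NULL
);

-- Constructed sample row based on the rename described in this article.
INSERT INTO @Renames VALUES
    (N'jsmith', N'hmurdoch', N'Henry', N'Murdoch', N'hmurdoch@scorpionlabs.com');

DECLARE @Expected int = (SELECT COUNT(*) FROM @Renames);

BEGIN TRANSACTION;

-- Stop if a new name is already held by an account that is not itself being renamed.
IF EXISTS (SELECT 1 FROM dbo.Users AS u
           JOIN @Renames AS r ON u.Username = r.NewUsername
           WHERE NOT EXISTS (SELECT 1 FROM @Renames AS o WHERE o.OldUsername = u.Username))
BEGIN
    ROLLBACK TRANSACTION;
    RAISERROR('A new username is already in use; nothing changed.', 16, 1);
    RETURN;
END;

UPDATE u
SET    u.Username = r.NewUsername, u.FirstName = r.NewFirstName,
       u.LastName = r.NewLastName, u.Email = r.NewEmail
FROM   dbo.Users AS u
JOIN   @Renames  AS r ON u.Username = r.OldUsername;

-- Every old username must match exactly one row; otherwise undo everything.
IF @@ROWCOUNT <> @Expected
BEGIN
    ROLLBACK TRANSACTION;
    RAISERROR('Row count mismatch; nothing changed.', 16, 1);
    RETURN;
END;

COMMIT TRANSACTION;

-- Review the result before restarting the ADUS service.
SELECT u.Username, u.FirstName, u.LastName, u.Email
FROM   dbo.Users AS u JOIN @Renames AS r ON u.Username = r.NewUsername;
```

Because the update either applies to every listed user or to none, a mistyped old username cannot leave the 2FA database partly renamed before the matching Active Directory changes are made.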
Questions?
If you have any questions or need some help, we would be happy to assist. Open a case at help.scorpionsoft.com or send an email to support@scorpionsoft.com.