New user creation policy


  • I want to change the default login from lastname,firstinitial to firstinitial,lastname when creating a new user account. I can't remember where these default settings are located and how to access and modify. I'd prefer not to use a script, I'd like to see it in a GUI setting. Where can I find it?
    Thursday, March 23, 2017 4:45 PM

All replies

  • Hi

     Check these;

    Create a New User Account

    and you can modify "sAMAccountName" attribute in ADSIEdit;

    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Thursday, March 23, 2017 5:54 PM
  • Commas are not allowed in sAMAccountName values (the pre-Windows 2000 logon name), so I don't know what attribute to intend to modify. If you mean the common name of the user (the Relative Distinguished Name or RDN), there are no restrictions except maximum length 64 characters. But you cannot logon with the RDN. If you mean the userPrincipalName, that is generally in the form of an email address, which also does not have commas.

    Most likely you mean the RDN (called the Name in ADUC) of the user, in which case you can script to modify the Name property of users, perhaps based on the first and last names of users (if these fields are populated with values for all users). Or a script can read the existing common name and reverse the names before and after the comma.

    Edit: I should add that for many attributes you can use a template when you create new users, which will automatically assign the values you want. For example this link shows how:

    But this assigns the same values to all new users, so it cannot be used to assign names. In your case only a script can automate the process, either to switch names before and after a comma in the common name, or assign values based on already assigned FirstName and LastName fields.

    In case you do want to modify sAMAccountNames, I have a script here that does that in bulk, perhaps based on a function of other attribute values (lke FirstName and LastName):

    This script demonstrates the many things that should be checked when you make changes like this in bulk.

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Thursday, March 23, 2017 7:07 PM
  • If you want to have custom user creation rules with a GUI instead of a script, there are third party tools that let you a) provision users through a customizable GUI b) define custom rules, such as generation of fields, as well as other provisioning procedures. 

    Have a look at this:

    Friday, March 24, 2017 8:24 AM
  • Hi,

    Just checking in to see if the information provided was helpful. And if the replies as above are helpful, we would appreciate you to mark them as answers, please let us know if you would like further assistance.

    Best Regards,


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    Friday, March 31, 2017 9:23 AM
  • Refer

    Please do test this in your test lab before implementing in production. 



    Friday, March 31, 2017 9:57 AM