Name change of AD Distribution group. RRS feed

  • Question

  • Hi,

    I have security universal group, no mail enabled.

    I'm trying to change this group name from PowerShell but there are two names: "Group name" and "Group name (pre Windows 2000)

    I use command below but it changes only Pre Win Name. Group Name remains the same.

    Set-ADGroup -server SERV_NAME-Identity 'GROUP_NAME' -samaccountname 'NEW_NAME' -DisplayName 'NEW_NAME'

    Do I use wrong parametr -displayName? Could you please let me know how to change both names?

    Thank you.

    Thursday, February 16, 2017 3:57 PM

All replies

  • Try to change -Name attribute 

    set-adgroup -server SERV_NAME -Identity 'GROUP_NAME' -Name "NEW_NAME" 

    Pre-windows 2000 ---> This is the Samaccountname

    So once you change the -Name parameter you should be fine

    To validate run Get-adgroup -Identity "GROUP_NAME"

    • Edited by Akabe Thursday, February 16, 2017 4:12 PM
    Thursday, February 16, 2017 3:59 PM
  • Unfortunately when I use -Name error appeared "A parameter cannot be found that matches parameter name 'Name'".
    Thursday, February 16, 2017 4:20 PM
  • Ok

    Go to AD > Open the affected group > Navigate to Attribute Editor > Name > Change the name 

    Thursday, February 16, 2017 4:23 PM
  • Else Rename-ADObject -Identity "" -Newname will help 
    Thursday, February 16, 2017 4:26 PM
  • I know how to do it from AD console but I have to much groups names to change it manually.

    Also tried Rename-ADObject but it doesn't work neither. This command shows error that object can not be found. That is strange because other commands can find this group.

    Thursday, February 16, 2017 4:47 PM
  • Try to find the group with its distinguishedName

    Get-adobject -identity "distinguishedName"

    Thursday, February 16, 2017 4:52 PM
  • Get-AdGRoup name | Rename-Object -NewName newname

    This is the only way you can rename an object in AD with AD CmdLets.


    Thursday, February 16, 2017 6:27 PM
  • As jrv noted, you must rename the group object. This the only way to modify the Relative Distinguished Name (the Name or RDN, which is the value of the cn attribute for groups) of the object. You will need two steps for each group. Use Set-ADGroup to modify the sAMAccountName attribute and Rename-ADObject to modify the RDN. Use -Identity to identify the group by the old sAMAccountName in Set-ADUser and change the sAMAccountName. But you cannot use sAMAccountName in the subsequent Rename-ADObject.

    Edit: Something like this for each group:

    $GroupDN = $(Get-ADGroup -Identity "OldName").distinguishedName
    Set-ADGroup -Identity $GroupDN -sAMAccountName "NewName"
    Rename-ADObject -Identity $GroupDN -NewName "NewName"

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Thursday, February 16, 2017 9:50 PM
  • Thank you very much it works!
    Friday, February 17, 2017 1:18 PM