About Windows 2000 server account names

·	There are three identifiers for each user account on Windows 2000 server

·	How names (identifiers) are created in MMC / "Active Directory Users and Computers"

·	How Windows 2000 server names are set by AdmWin

·	How to rename Windows 2000 server accounts with AdmWin

---

There are three identifiers for each user account on Windows 2000 server

Identifier	Used	Comments
Common name (cn)	Active directory	· Use the common name when editing accounts through Active directory.   · The common name is what's displayed in MMC / "Active Directory Users and Computers".
SamAccountName	Logon name NT 4.0, W9x etc, but can also be used on Windows 2000	· Users can logon to a Windows 2000 domain with the SamAccountName or the UPN.   · The SamAccountName is what's displayed in AdmWin / SetupExplorer / Accounts.
User Principal Name (UPN)	Windows 2000 logon name, or "Internet-style login name"	· MS: "By convention, this should map to the user's e-mail name. The point of the UPN is to consolidate the e-mail and logon namespaces so that the user need only remember a single name."... "Once assigned, the UPN is unaffected by changes to other properties of the user object." Thus, a user can keep the same login name, even if the account is renamed or moved. "The UPN is the preferred logon name for Windows 2000 users."   · UPN logon means more typing and is not mandatory.   · The UPN can be left blank when creating accounts and entered later if needed. When there's no UPN, Windows 2000 displays the SamAccountName when you check access rights etc. in explorer.

The common name, samAccountName and UPN can be the same on one account but must be unique for different accounts - it is not possible to have two different accounts in one domain with the same common name, the same samAccountName or the same UPN.

Notice that local 2000 and XP workstation accounts still only uses the original NT SamAccountName.

How names (identifiers) are created in MMC / "Active Directory Users and Computers"

·	In MMC, when manually creating an account, "Display name" is automatically created from "First name" + "Initials" + "Last name". (When you check access rights etc. in explorer, the "Display Name" is the name shown beside the logon name.)

·	The display name is also used by MMC to create the common name "/cn=" for the account, meaning that you will get quite long common names.

·	It is not possible to change the common name by changing "Display name" in MMC / "Active Directory Users and Computers" / properties - the only way is to right-click the account and choose rename.

·	When you type in a "user Logon name in MMC" (first part of UPN), the "User logon name (pre-Windows 2000)" (SamAccountName) field is automatically copied from the UPN as you type (can be changed).

·

In the end you'll end up with two or three different names for each account - one automatically created common name, one UPN and maybe one "User logon name (pre-Windows 2000)". And all of these must then be kept unique for each account. If you really want to consolidate namespaces; do not use the common names that MMC creates for you.

How Windows 2000 server names are set by AdmWin

·	When creating an account with AdmWin, the common name will be set to samAccountname. Use the user name generator to avoid duplicate names.

·

The UPN can be set after the account is created. To avoid confusion it's best to set UPN to the same name as samAccountname and common name and just add your domain suffix. Notice: unlike when the UPN is entered in MMC / "Active Directory Users and Computers", the complete UPN most be specified, example: "bill@microsoft.com".

How to rename Windows 2000 server accounts with AdmWin

Name to change	AdmWin command
Common name	AD.Account.SetProperty, PropertyName=CommonName
SamAccountName	AD.Account.SetProperty, PropertyName=samAccountName or Account.Rename
User Principal Name (UPN)	AD.Account.SetProperty, PropertyName=UserPrincipalName

   

Example: Completely rename a Windows server 2000 account.