Active Directory: How do you solve a problem like Maria? Or John Smith?

The larger your organisation gets so do the number of users within your Active Directory and consequently the chances of employing people with the same name. Unless you have good naming policies from the start you may well end up with an untidy directory and if you are using Exchange an address book where it is hard to distinguish between people with the same Display Name.

The below script will generate you a report listing all users whose Display Name matches that of somebody else and for instance what a new Display Name would look like if you added their department field in brackets after their name – of course you could use another field entirely to distinguish them.

Note: that it is using the Quest AD cmdlets.

Add-PSSnapin -Name Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue

$users = Get-QADUser -DontUseDefaultIncludedProperties -SizeLimit 0 -LdapFilter '(mail=*)' | Group-Object displayname | Where-Object {$_.count -gt 1}
$myCol = @()

foreach ($user in $users){

    foreach ($duplicateuser in $user.group){

    $NewDisplayName = $duplicateuser.DisplayName + " (" + $duplicateuser.Department + ")"

    $MYInfo = “” | Select-Object UserID,CurrentDisplayName,newDisplayName,Department
    $MYInfo.UserID = $duplicateuser.Name
    $MYInfo.CurrentDisplayName = $duplicateuser.DisplayName
    $MYInfo.NewDisplayName = $NewDisplayName
    $MYInfo.Department = $duplicateuser.Department
    $myCol += $MYInfo
   }
}

$myCol | Export-Csv C:\Scripts\Report.csv -NoTypeInformation

After reviewing the report and deciding to fix everyone on the list you could do it with the very similar code below:

Add-PSSnapin -Name Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue

$users = Get-QADUser -DontUseDefaultIncludedProperties -SizeLimit 0 -LdapFilter '(mail=*)' | Group-Object displayname | Where-Object {$_.count -gt 1}

foreach ($user in $users){

    foreach ($duplicateuser in $user.group){

    $NewDisplayName = $duplicateuser.DisplayName + " (" + $duplicateuser.Department + ")"
    Set-QADUser $duplicateuser -DisplayName $NewDisplayName

   }
}

Of course you might be in a scenario where some people already have brackets after their name and you wish to create a report of those. The below one liner will give you those results.

Get-QADUser -ldapfilter '(&(displayname=*(*)*)(mail=*))' -DontUseDefaultIncludedProperties | Select-Object name,displayname,department | Export-Csv C:\Scripts\Report.csv -NoTypeInformation

2 thoughts on “Active Directory: How do you solve a problem like Maria? Or John Smith?

  1. I am running into trouble with set-qaduser.

    Would this work ?

    get-qaduser test123 | set-qaduser -userpassword “Password”

    I am asking because i tried and it did not.

Comments are closed.