User accounts are among the most common objects in AD. They are used for authentication and authorization on workstations and in many services that are integrated with AD. User management is the main routine for sysadmins and helpdesk specialists. This guide shows how to manage such objects in multiple ways. To manage users, you need to install the RSAT tools or manage them from your DC. You have to be signed in as a domain admin, as a member of Account Operators, or as a user with delegated rights to create objects in the current OU.
Moving a User Account via Active Directory Users and Computers (ADUC)
In ADUC (dsa.msc), go to the OU or container with the needed user account. Right-click it and select Find.... In the Name field, type the name of the user account and then click Find Now... From the list of search results, select the needed user object.
Right-click on the user account. Select Move... from the menu.
The Move window appears:
In the Move window, navigate to the OU or container where you want to move the user object to, select it and click OK.
Moving a User Account via Command Prompt
To move the user object (GSoul in our case) to the “Employees” OU, run dsmove.exe in cmd with the following parameters:
Moving a User Account via Windows PowerShell
Use the following PowerShell code to move a user account (GSoul in our example) to the “Employees” OU.
Move-ADObject -Identity:"CN=GSoul,CN=Users,DC=office,DC=local" -TargetPath:"OU=Employees,DC=office,DC=local"
How to Rename a User Account in Active Directory
To rename a user account, follow these instructions.
Renaming a User Account via Active Directory Users and Computers
In Active Directory Users and Computers (dsa.msc) in the View menu, enable Advanced Features.
Navigate to the OU or container where the needed user object resides. Right-click it and select Find.... In the Name field, type the name of the user and press “Find Now”. From the search results, right-click the needed user account and select Rename. Type the new name and press Enter.
In the Rename User window, enter new data for other attributes and click OK.
Renaming a User Account via Command Prompt
Use dsmove.exe with the following parameters in order to rename a user:
Renaming a User Account via PowerShell
In order to rename a user in AD enter this code into Windows PowerShell:
Rename-ADObject -Identity "CN=GSoul,CN=Users,DC=office,DC=local" -NewName "Gordon Gates"
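The two PowerShell commands above address the user by distinguished name, which changes as soon as the object is moved, so the rename command as written no longer resolves after the move. The following added example (not part of the original article) runs both steps against the object GUID and returns a before/after record for the change log. It assumes that GSoul is the sAMAccountName and reuses the article's office.local names; the function name Move-AndRenameUser is hypothetical.

```powershell
# Added example, not from the original article.
# Assumptions: "GSoul" is the sAMAccountName; domain and OU names follow the article.
Import-Module ActiveDirectory

function Move-AndRenameUser {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [Parameter(Mandatory)] [string] $TargetOU,
        [Parameter(Mandatory)] [string] $NewName
    )

    # Fail early if the target OU does not exist or is not readable.
    $null = Get-ADOrganizationalUnit -Identity $TargetOU -ErrorAction Stop

    $user  = Get-ADUser -Identity $SamAccountName -ErrorAction Stop
    $oldDN = $user.DistinguishedName

    # The GUID stays the same through move and rename; the DN does not.
    if ($PSCmdlet.ShouldProcess($oldDN, "Move to '$TargetOU' and rename to '$NewName'")) {
        Move-ADObject   -Identity $user.ObjectGUID -TargetPath $TargetOU -ErrorAction Stop
        Rename-ADObject -Identity $user.ObjectGUID -NewName $NewName -ErrorAction Stop
    }

    # Re-read the object and return a record suitable for a change log.
    # sAMAccountName and UPN are included to show that neither step alters them.
    $now = Get-ADUser -Identity $user.ObjectGUID
    [pscustomobject]@{
        ObjectGUID        = $now.ObjectGUID
        SamAccountName    = $now.SamAccountName
        UserPrincipalName = $now.UserPrincipalName
        OldDN             = $oldDN
        NewDN             = $now.DistinguishedName
        Changed           = ($oldDN -ne $now.DistinguishedName)
    }
}

# Dry run first: -WhatIf prints the intended change and leaves the object untouched.
Move-AndRenameUser -SamAccountName 'GSoul' `
    -TargetOU 'OU=Employees,DC=office,DC=local' `
    -NewName 'Gordon Gates' -WhatIf
```

Remove -WhatIf to apply the change. In the returned record, NewDN shows the new CN and OU, while SamAccountName and UserPrincipalName keep their previous values.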
Conclusion
Managing user accounts is a fundamental task for system administrators and helpdesk specialists in any Active Directory environment. Knowing how to efficiently move and rename user accounts helps keep the directory organized and aligned with your company’s structure. Whether you prefer using the graphical Active Directory Users and Computers tool, the Command Prompt, or PowerShell, each method offers flexibility depending on your environment and preferences. Always ensure you have the necessary permissions—such as domain admin or delegated rights—to perform these operations safely and avoid disruptions in user authentication and authorization.
FAQ
- Q: What permissions are required to move or rename user accounts in Active Directory?
A: You need to be logged in as a domain administrator, a member of the Account Operators group, or have delegated rights for the target organizational units.
- Q: Can I move user accounts between different domains using these methods?
A: No, these commands and tools only allow moving or renaming within the same Active Directory domain.
- Q: What is the advantage of using PowerShell over ADUC for user management?
A: PowerShell allows automation, scripting, and bulk management, making it more efficient for managing multiple accounts or integrating with other administrative tasks.
- Q: Does renaming a user account affect their login credentials?
A: Renaming changes the user’s display name and object name in AD, but you may also need to update the user’s User Principal Name (UPN) or login name separately if required.
- Q: What happens if I move a user account to a different OU with different group policies?
A: The user will start inheriting the policies applied to the new OU, which might affect their permissions or environment settings.