TEC
Fri Jun 24 15:24:09 CDT 2005
I dont believe you can modify the CN.
It is derived from the RDN of the object (cn=objectname)
When you create the user it would look something like this:
Set objOU = GetObject("LDAP://cn=users,dc=domain,dc=com")
strFN = objSheet(<col,row for FirstName>)
strLN = objSheet(<col,row for LastName>)
strFullName = strFN & " " & strLN
strRDN = "cn=" & strFullName
Set objUser = objOU.Create("User", strRDN)
objUser.Put "sAMAccountName", objSheet(<col,row for userid>)
objUser.Put "displayName", strFullName
objUser.SetInfo
If you use lastname, firstname you have to include a \ infront of all
comma's. so the RDN line would read
strFullName = strLN & ", " & strFN
strRDN = "cn=" & Replace(strFullName, ",", "\,")
To do a rename of the CN you actually have to do a move of the RDN.
Set objOU = GetObject("LDAP://cn=users,dc=domain,dc=com")
objOU.MoveHere "LDAP://cn=old fn ln,cn=users,dc=domain,dc=com", "cn=new fn
ln"
To move you bind to the target OU, then move the existing distinguishedName
into the target OU with the new RDN.
Hope that isnt too confusing.
"Stewie" <Stewie@discussions.microsoft.com> wrote in message
news:37D919F9-9C81-41CA-985C-B8584D3E2205@microsoft.com...
> Good answer... Thanks... I think I got it... I use an LDAP provider so I
> sould be able to set the CN and get the results I want...
>
> Thanks Richard!
>
> "Richard Mueller [MVP]" wrote:
>
>> Stewie wrote:
>>
>> > I have a script that reads user information from an Excel
>> > Spreadsheet...
>> When
>> > I am creating the accounts everything works just as I expect... However
>> the
>> > name displayed in the AD management console shows the saMAccountName
>> > and
>> not
>> > a full name display as if I created the account by hand... I have tried
>> > several differnet fields, but... no luck... Can someone tell me what
>> > field
>> to
>> > populate to get the AD display to show a full name...
>>
>> Hi,
>>
>> The naming conventions in AD can be confusing. When you create users in
>> ADUC, you assign first and last names and the GUI constructs what is
>> labeled
>> "Full Name", but which is actually the Common Name (the "cn" attribute of
>> the user object). You can overwrite this default in the GUI. Another
>> attribute, called displayName, actually corresponds to what was called
>> "Full
>> Name" in NT and is displayed on the "General" tab of the properties
>> dialog
>> in ADUC as the "Display Name". When you create a user in ADUC, you are
>> required to supply the "pre-Windows 2000 logon name", which is the
>> sAMAccountName (also called the NT name, or the logon name).
>>
>> The user objects listed in ADUC by default show the cn attributes (Common
>> Name), but you can change this or add (Choose) other columns. You can
>> display columns for any attributes you like. On the View menu, select
>> Choose
>> columns... (Name is the cn, Pre-Windows 2000 logon name is the
>> sAMAccountName). The column labeled "Name" in ADUC is actually the
>> Relative
>> Distinguished Name (RDN) of the object, which for user objects is the
>> value
>> of the cn attribute.
>>
>> When you create users in a script using the WinNT provider, you must
>> specify
>> the sAMAccountName (called the Name attribute by WinNT), but AD makes the
>> cn
>> attribute the same. When you create users with LDAP, you specify the cn
>> attribute, but you must also assign a value to the mandatory
>> sAMAccountName
>> attribute.
>>
>> sAMAccountName must be unique in the domain. cn must be unique in the
>> container/OU. I hope this helps.
>>
>> --
>> Richard
>> Microsoft MVP Scripting and ADSI
>> Hilltop Lab web site -
http://www.rlmueller.net
>> --
>>
>>
>>