Modify User displayName using the command line ~ My blog about Active Directory and everything else

Tuesday, April 14, 2009

Modify User displayName using the command line

A question came up in the forums today about how to modify the displayname of users to Lastname, Firstname

My friend Matt had a very good suggestion and that was to use a tool called ADModify.NET

ADModify is indeed a great tool and will do that job and that is a very good recommendation, but what I'll show here is a command line method using Joe Richard's adfind and admod tools...have I mentioned I'm a big fan of these tools :)

The first thing to know is that in Active Directory the Lastname and Firstname attributes are not stored that way. What they really are in the background is:

Lastname = sn
Firstname = givenName

So for this example what I'll show is the before, the modification, then the after

What I'll run first is just an adfind command to show that the displayName field is not populated

As you can see no displayName

Next I will use adfind and pipe those results into admod...that is what makes these tools very very powerful

The command is (my accounts are in an OU called admodtest)

adfind -b ou=admodtest,dc=mktest,dc=com -f "&(objectcategory=person)(objectclass=user)" sn givenname -adcsv | admod "displayname::{{sn}}, {{givenname}}"

If you have more than 10 to change at once you can use the -unsafe switch in admod (default will change 10...joe puts a lot of safety nets into his tools)

Note: the -adcsv is a switch that joe has put in so that the output can be passed to his other tools (admod in this case)

The command did complete successfully, but now I run the same adfind command to make sure the display name is what I want...and it works as advertised.

There are also other command line methods (dsmod from Microsoft, PowerShell, VBScript, etc...)

This is just one option in addition to ADModify.NET


  1. Note that this discounts the common scenario in a multinational of folks with only one name. I sometimes jokingly refer to this crowd as single label name folks.

    Most companies I deal with inconsistently use one of three options for this crowd - displayName=name, displayName=", name", and displayName="name, ". Usually option B because chances are the guy writing the IDM code never considered the dude in some SE Asian place you've never heard of who only has one name.

  2. @Brian -- Good point, I've only supported organizations/agencies that have US employees. The few international employees may be from other foreign governments.