Renaming a active directory group

PowerShell Help
1

Hello

we have several AD groups we have to rename.

The problem is not renaming the AD groups themselves, but that there are of course many directories and subdirectories whose permissions are controlled by these groups. So I would have to rename the AD groups and at the same time change the groups of all affected directories. But these changes would take a long time if there are tens of thousands of files and directories in the directory.

Unfortunately our AD groups do not have the attribute “Display Name”. I have read that you can create this attribute when creating new groups, but I can’t find anything to add this attribute to groups afterwards. Then it would be possible to solve the problem, right?

Can anybody help?

Thanks,
Andreas

2

You won’t have to change anything on the permissions. The permissions are linked to the Security Identifier (SID) of the group. After renaming, the SID will simply resolve to the new name when you view the permissions.

Your groups will have the DisplayName attribute. It might not be populated, but the attribute will be there. To update it, use the Set-ADGroup cmdlet.

Set-ADGroup -Identity MyTestGroup -DisplayName 'My New Display Name'
1 Like
3

Thanks, but I have a little problem with my script:

Import-Module ActiveDirectory
$aktuellerScriptpfad = Split-Path -Parent $PSCommandPath
$ImportDatei = $aktuellerScriptpfad + '\RenameGruppen.txt'
clear
$ADGruppenliste = @{}

$ADGruppenliste = Get-Content -Encoding UTF8 $Importdatei

foreach ($ADGruppe in $ADGruppenliste)
{ 
  $NeuerGruppenname = $ADGruppe -replace "share_groups","g_"
  write-host "$ADGruppe --> $NeuerGruppenname"
  Set-ADGroup -Identity $ADGruppe -DisplayName $NeuerGruppenname

If I run the script, powershell can not find the AD group.

fs_share_groups_Test-Rename_r                                  --> fs_g__Test-Rename_r

ObjectNotFound: (fs_share_groups...               :ADGroup) [Set-ADGroup], ADIdentityNotFoundException

but if I enter the same command with the groupnames it works. I do’t know why it does not work running the script? To run the command I just copied the original group names direct from the console.

Set-ADGroup -Identity fs_share_groups_Test-Rename_r  -DisplayName fs_g__Test-Rename_r
4

In your copy/pasted example, you have an extra space before -DisplayName. Are you sure your list of groups in RenameGruppen.txt don’t have any trailing spaces?

Try:

Set-ADGroup -Identity $ADGruppe.Trim() -DisplayName $NeuerGruppenname
1 Like
5

OK, thanks. it works…

6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.