Looking through the clients AD yesterday we came across an interesting issue that needs to be resolved.
There are around 200 Active Directory groups that have been created with the wrong information in the sAMAccountName field (PreWindows2000 Name). I'm not sure how they've managed to do this, I suspect it's something to do with an old/bad import of data from their IDM solution, although the IDM guys seem adamant that this is not the case.
Normally this wouldn't be an issue however, the client are also configuring PCounter to use Active Directory groups rather than OUs. Tests yesterday showed that PCounter uses the sAMAccountName and not the CN and, since the sAMAccountName fields for this group of 200 or so groups is incorrect (format is something like "$9QO000-2T3GRST35425" rather than the friendly name of "HGD21") it is very difficult for the clients IT Admins to marry-up the 'unfriendly' sAMAccountNames with the 'friendly' CN.
I am looking for a simple and easy way to rename the "sAMAccountName" field with the data from the "CN" field...is this easy to do? Can I script this, use LDIFDE etc. or would I be better off just spending the day going through the groups and changing them manually.