Offer

News We Recently Launched AD Migrator and AD Reporter.

Home » HowTo » Active Directory » Rename AD Group & Change Names of Active Directory Groups

Rename AD Group & Change Names of Active Directory Groups

  author
Written By Mohit Jha
Anuraag Singh
Approved By Anuraag Singh  
Published On November 20th, 2024
Reading Time 6 Minutes Reading

Any admin who wants to rename the AD group may think a lot about where to start. Groups govern many important aspects of an Active Directory such as policy assignment. Moreover, they can act as a miniature Organization unit so Group name change is quite a significant event.

Table of Contents

So we have made a thorough list of methods that can be used to update the group name in the Active Directory use the one that suits you best, but before that take a look at the possible reasons for the change.

Why A Change Group Name in the Active Directory?

Reasons why groups may be renamed are as follows:

  • The group name is incorrect or misspelled
  • The original intent of the Group name is no longer valid.
  • After generating an AD Group membership report and the policy it is designed to work with does not match its name eg, marketing team members are placed under the HR group. 

In such scenarios, if the number of underlying elements is large then instead of commissioning a large internal migration admins can simply rename the group to match its new intent. 

Note: The change in group name does not affect the policy prescribed to it. As resource access and policy are governed by SID which is an immutable variable.

Rename AD Group Using the Users and Computer Portal

  • Select the Group.
  • This highlights it.
  • Wait for a second and then click again.
  • It will make the name editable.
  • Press backspace/delete to clear the existing name.
  • Type in the new name and press enter (or on click any blank space on the ADUC portal)
  • A Rename Group popup will appear. Verify the new name you are about to put in
  • From here you can also change the pre_Windows 2000 name.
  • Once done press OK.

A second method from within the ADUC is also available:

  • Open the View tab and enable the Advanced Features option.
  • Then double click a group.
  • This will open the Group Properties window.
  • Go to the Attribute Editor tab.
  • There you will find the list of all attributes select the naming attributes you wish to update.
  • Hit Apply and OK.

Perform a Group Name Change in the Active Directory from the Admin Center

Admin center is applicable in other use cases other than finding what OU a user is in.

  • Open ADAC
  • Toggle the Global Search
  • Change the search settings to LDAP and paste this
(&(objectClass=group))
  • Press Apply

Select any group and open Properties, from there you can rename the group easily.

Use Code to Change Name of AD Group

Changing Group Attributes via PowerShell
You can use the Set-ADGroup cmdlet to modify attributes like sAMAccountName, displayName, or description. For renaming the group, use Rename-ADObject.

Set-ADGroup -Identity "GroupName" -sAMAccountName "NewSAMAccountName" -DisplayName "New Display Name" -Description "Updated Description"

Rename AD group (change cn):

Rename-ADObject -Identity "CN=OldGroupName,OU=Groups,DC=yourdomain,DC=com" -NewName "NewGroupName"

Explanation:
Set-ADGroup -Identity: Modify group attributes like sAMAccountName, displayName, and description.
Rename-ADObject: Renames the group (cn) while keeping the distinguished name (DN) intact.

Changing Group Attributes via Command Line (CMD)
For command-line changes, you can use dsmod to modify the sAMAccountName and description. Unfortunately, dsmod cannot change the cn directly (use PowerShell for renaming groups).

dsmod group "CN=GroupName,OU=Groups,DC=yourdomain,DC=com" -samid NewSAMAccountName -desc "New Description" -display "New Display Name"

Explanation:
dsmod group: Modifies the group’s attributes, including sAMAccountName, description, and displayName.
Renaming a Group (in CMD):
To rename a group (changing the cn), you need to use PowerShell (Rename-ADObject), as dsmod does not support renaming the cn.

Renaming a group also boosts up AD security as it helps admins whenever they want to Export Inactive Users from the Active Directory environment. Admins can set a sandbox group and limit resource access via GCP.

A bulk renaming is not recommended as you may end up changing something that wasn’t required.

Best Practices While Renaming Groups in AD

There is not much to take into consideration, except that admins require external verification to ensure that the name change was successful. So for that, look no further than SysTools AD Reporting Tool, the ultimate solution for administrators.
Key Benefits:

  • Easily view and extract the number of groups in your AD
  • No complex scripts required
  • Customizable reporting to meet your organization’s needs
  • Access to group creation date, Distribution, and Security groups

Try it Today!

Download Now Purchase Now

With Flexible Reporting Options, It allows you to categorize reports based on your organization’s requirements.

Conclusion

This post gave users plenty of ways to rename AD groups easily. So now the administrators do not have to worry about changing the name of a group in the Active Directory or shifting all elements to a new group. The task can be completed with PowerShell, command line, users and Computers portal, or even the administrative center. Moreover, any changes can be verified with the help of an automated reporting tool as underlined in the best practices.

Frequently Asked Questions When Admins Change the Name of AD Group

Will there be a cool-down period between two Active Directory group name change attempts?

No, Admins may be able to put in some restrictions via group policy but that’s it. Active Directory in its raw native form does not control how many times or how often you change an object name.

Is there a maximum number of times I can rename the Active Directory group?

No, but multiple name change operations in a short period of time can cause your AD to malfunction.
The biggest problem is if you operate a multi-domain structure, as the new name update must reach every AD; too many requests can overwhelm the replication bridge.
Another problem stems from a user point of view.
If the AD name change is abrupt and has a high frequency without prior warning, you may see internal IT complaints rise from users looking for answers.

What are some caveats to watch out for if you are changing the name of the Group in AD?

You cannot have a blank name. AD will automatically remove any leading/trailing spaces.

You can have spaces between two words; just note that if you put more than one space, the name will appear in a truncated format.
So you will only see the first character followed by 3 dots(…).

Every special character present in the (default US keyboard) can be put in the name. However, the pre-2000 name column won’t allow any special characters other than the underscore. You can change the pre-2000 name, remove it entirely, or replace the special character with the ( _ ).

Moreover, when you include any of them, you face the same issue where you only get the first character followed by 3 dots (…). The number of characters in the name cannot exceed 64. This limit is on the count itself and applies regardless of size. Therefore, you can have no more than 64 characters, whether it is a wide capital W or a thin small i.

  author

By Mohit Jha

Mohit is a Microsoft Certified expert known for his cloud migration, cyber security, and digital forensics expertise. He specializes in Microsoft 365, Exchange Server, and Azure AD migration, ensuring seamless transitions for organizations worldwide. His multifaceted role as a meticulous tech writer, diligent researcher, and astute editor underscores his commitment to delivering cutting-edge digital forensics and cloud migration strategies.