
Rename AD Group & Change Names of Active Directory Groups

Written By Mohit Jha
Approved By Anuraag Singh  
Published On October 16th, 2024

Any admin who wants to rename an AD group may wonder where to start. Groups govern many important aspects of an Active Directory, such as policy assignment. Moreover, they can act as a miniature organizational unit, so a group name change is quite a significant event. We have therefore made a thorough list of methods that can be used to update the group name in the Active Directory; use the one that suits you best. Before that, take a look at the possible reasons for the change.

Why Change a Group Name in the Active Directory?

Reasons why groups may be renamed are as follows:

  • The group name is incorrect or misspelled
  • The original intent of the Group name is no longer valid.
  • After generating an AD Group membership report, the group's members and the policy it is designed to work with do not match its name, e.g., marketing team members are placed under the HR group.

In such scenarios, if the number of underlying elements is large, then instead of commissioning a large internal migration, admins can simply rename the group to match its new intent.

Note: The change in group name does not affect the policy prescribed to it, because resource access and policy are governed by the SID, which is immutable.

Rename AD Group Using the Users and Computers Portal

  • Select the Group.
  • This highlights it.
  • Wait for a second and then click again.
  • It will make the name editable.
  • Press backspace/delete to clear the existing name.
  • Type in the new name and press Enter (or click on any blank space in the ADUC portal).
  • A Rename Group popup will appear. Verify the new name you are about to put in.
  • From here you can also change the pre-Windows 2000 name.
  • Once done press OK.

A second method from within the ADUC is also available:

  • Open the View tab and enable the Advanced Features option.
  • Then double click a group.
  • This will open the Group Properties window.
  • Go to the Attribute Editor tab.
  • There you will find the list of all attributes. Select the naming attributes you wish to update.
  • Hit Apply and OK.

Perform a Group Name Change in the Active Directory from the Admin Center

The Admin Center is useful in use cases other than finding what OU a user is in.

  • Open ADAC
  • Toggle the Global Search
  • Change the search settings to LDAP and paste this filter:
(&(objectClass=group))
  • Press Apply

Select any group and open Properties. From there you can rename the group easily.

Use Code to Change Name of AD Group

Changing Group Attributes via PowerShell
You can use the Set-ADGroup cmdlet to modify attributes like sAMAccountName, displayName, or description. For renaming the group, use Rename-ADObject.

Set-ADGroup -Identity "GroupName" -sAMAccountName "NewSAMAccountName" -DisplayName "New Display Name" -Description "Updated Description"

Rename AD group (change cn):

Rename-ADObject -Identity "CN=OldGroupName,OU=Groups,DC=yourdomain,DC=com" -NewName "NewGroupName"

Explanation:
Set-ADGroup -Identity: Modifies group attributes like sAMAccountName, displayName, and description.
Rename-ADObject: Renames the group (cn) while keeping the distinguished name (DN) intact.
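The following is an added example, not code from the original article. It combines the two cmdlets above with a check built on the SID note earlier in the post: it records the group's SID and GUID before the rename, then re-reads the group by SID to confirm the same object now carries the new names. The function name Rename-GroupVerified and the names in the usage comment are assumptions for illustration.

```powershell
# Added example (not from the original article). Requires the ActiveDirectory
# module (RSAT) and permission to modify the group.
Import-Module ActiveDirectory

function Rename-GroupVerified {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Identity,   # DN, GUID, SID or sAMAccountName
        # Reject characters that are invalid in sAMAccountName or special in LDAP filters.
        [Parameter(Mandatory)][ValidatePattern('^[^"/\\\[\]:;|=,+*?<>()]+$')]
        [string]$NewName
    )

    # Capture the stable identifiers before changing anything.
    $before = Get-ADGroup -Identity $Identity

    # sAMAccountName must be unique in the domain across users, groups and computers.
    if (Get-ADObject -LDAPFilter "(sAMAccountName=$NewName)") {
        throw "sAMAccountName '$NewName' is already in use."
    }

    if ($PSCmdlet.ShouldProcess($before.DistinguishedName, "Rename to '$NewName'")) {
        # Address the object by GUID so both steps act on the same object.
        Set-ADGroup -Identity $before.ObjectGUID -SamAccountName $NewName -DisplayName $NewName
        Rename-ADObject -Identity $before.ObjectGUID -NewName $NewName

        # Re-read by SID: the same object must come back, now carrying the new names.
        $after = Get-ADGroup -Identity $before.SID
        if ($after.ObjectGUID -ne $before.ObjectGUID) {
            throw "SID resolved to a different object."
        }
        if ($after.Name -ne $NewName -or $after.SamAccountName -ne $NewName) {
            throw "Rename incomplete: cn='$($after.Name)', sAMAccountName='$($after.SamAccountName)'."
        }

        # Before/after record for the change log.
        [pscustomobject]@{
            OldName        = $before.Name
            NewName        = $after.Name
            SamAccountName = $after.SamAccountName
            SID            = $after.SID.Value
        }
    }
}

# Dry run first (placeholder DN and name):
# Rename-GroupVerified -Identity "CN=OldGroupName,OU=Groups,DC=yourdomain,DC=com" -NewName "NewGroupName" -WhatIf
```

Run it with -WhatIf first; the pre-checks still execute, but nothing is modified.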

Changing Group Attributes via Command Line (CMD)
For command-line changes, you can use dsmod to modify the sAMAccountName and description. Unfortunately, dsmod cannot change the cn directly (use PowerShell for renaming groups).

dsmod group "CN=GroupName,OU=Groups,DC=yourdomain,DC=com" -samid NewSAMAccountName -desc "New Description"

Explanation:
dsmod group: Modifies the group's attributes, including sAMAccountName and description. dsmod group has no -display option, so set displayName with Set-ADGroup instead.
Renaming a Group (in CMD):
To rename a group (changing the cn), you need to use PowerShell (Rename-ADObject), as dsmod does not support renaming the cn.

Renaming a group also boosts AD security, as it helps admins whenever they want to Export Inactive Users from the Active Directory environment. Admins can set a sandbox group and limit resource access via GCP.

Bulk renaming is not recommended, as you may end up changing something that wasn't required.

Best Practices While Renaming Groups in AD

There is not much to take into consideration, except that admins require external verification to ensure that the name change was successful. So for that, look no further than SysTools AD Reporting Tool, the ultimate solution for administrators.
Key Benefits:

  • Easily view and extract the number of groups in your AD
  • No complex scripts required
  • Customizable reporting to meet your organization’s needs
  • Access to group creation date, Distribution, and Security groups


With flexible reporting options, it allows you to categorize reports based on your organization's requirements.

Conclusion

In this post, we gave users plenty of ways to rename an AD group easily. Administrators now have to worry neither about how to change the name of a group in the Active Directory nor about shifting all elements to a new group. The task can be completed with PowerShell, the command line, the Users and Computers portal, or even the Administrative Center. Moreover, any changes can be verified with the help of an automated reporting tool, as underlined in the best practices.


By Mohit Jha

Mohit is a Microsoft Certified expert known for his cloud migration, cyber security, and digital forensics expertise. He specializes in Microsoft 365, Exchange Server, and Azure AD migration, ensuring seamless transitions for organizations worldwide. His multifaceted role as a meticulous tech writer, diligent researcher, and astute editor underscores his commitment to delivering cutting-edge digital forensics and cloud migration strategies.