If one of my coworkers comes out as trans and informs me of their new chosen name and preferred pronouns –
What’s the best way to update their AD account?
Well, see, you used to be able to use Powershell to call the ADWS Set-UserGender cmdlet, but that’s been deprecated in favor of the Graph API. The Graph endpoints aren’t actually ready yet, but I heard at a conference that the product manager thinks they might hit prerelease in Q2 or Q3…
Oh- Lol, I thought you were joking, I work at a uni where AD is mostly mess of groups for permissions & license entitlements; the ERP carries the demo/bio info and not much makes it to AD. I am SO glad my corner of the org doesn’t mess with roaming profiles (outside our VDI at least, but we are hoping to be able to kill that eventually).
Even more “fun”, the statewide system administration wants to kill off its AD forest in favor of “cloud native” Intune setups, but they can only marshal one FTE and a couple student workers to manage that for 5 campuses, 3 institutes, and like 90 county extension offices. They’ve been at it for 2 years now I think, and departmental IT still can’t even create device groups, add devices to them, or tie configuration profiles to them (poor guy hasn’t even been able to come up with governance or processes to enable that). Woohoo!
We had an employee (first name Peter) who was dumb enough to fall for a phishing mail and enter his work credentials on the attacker’s website.
To be safe (and honestly, also to teach him a lesson) we deactivated his account and recreated it with a different username and e-mail.
His alias is now p.lastname instead of peter.lastname. A couple weeks later I found out his coworkers now call him Pee-Dot behind his back.
You get HR to update all the relevant parts in their app and let it sync over to AD/entra. Changing the UPN is a little more fiddly but usually just requires babysitting the few apps with bad SAML setups.
…. Huh.
Every person at my work has simply picked a new first name with the same letter, so that their LastNameFirstInitial(SometimesNumbers) user ID has not needed to be updated. Only their display names have changed.
Ironically, people changing last name due to marriage have traditionally required more effort.
Can I get some advice here?
If one of my coworkers comes out as trans and informs me of their new chosen name and preferred pronouns –
What’s the best way to update their AD account?
Well, see, you used to be able to use Powershell to call the ADWS Set-UserGender cmdlet, but that’s been deprecated in favor of the Graph API. The Graph endpoints aren’t actually ready yet, but I heard at a conference that the product manager thinks they might hit prerelease in Q2 or Q3…
cries in MS admin
Yeah, that sounds like MS alright.
I admit I’ve used the steamroller approach before:
That’s definitely not the way to go, but it’s been 2 years and so far the user is still working.
Oh- Lol, I thought you were joking, I work at a uni where AD is mostly mess of groups for permissions & license entitlements; the ERP carries the demo/bio info and not much makes it to AD. I am SO glad my corner of the org doesn’t mess with roaming profiles (outside our VDI at least, but we are hoping to be able to kill that eventually).
Even more “fun”, the statewide system administration wants to kill off its AD forest in favor of “cloud native” Intune setups, but they can only marshal one FTE and a couple student workers to manage that for 5 campuses, 3 institutes, and like 90 county extension offices. They’ve been at it for 2 years now I think, and departmental IT still can’t even create device groups, add devices to them, or tie configuration profiles to them (poor guy hasn’t even been able to come up with governance or processes to enable that). Woohoo!
continues to cry in MS admin
Probably impossible. You have to do the whole firing and hiring process
We had an employee (first name Peter) who was dumb enough to fall for a phishing mail and enter his work credentials on the attacker’s website.
To be safe (and honestly, also to teach him a lesson) we deactivated his account and recreated it with a different username and e-mail.
His alias is now p.lastname instead of peter.lastname. A couple weeks later I found out his coworkers now call him Pee-Dot behind his back.
Well, you just put in a ticket with the admins 😁 .
(Being deskside had its advantages!)
Are you asking for technical help? We don’t know what system you use.
You get HR to update all the relevant parts in their app and let it sync over to AD/entra. Changing the UPN is a little more fiddly but usually just requires babysitting the few apps with bad SAML setups.
…. Huh.
Every person at my work has simply picked a new first name with the same letter, so that their LastNameFirstInitial(SometimesNumbers) user ID has not needed to be updated. Only their display names have changed.
Ironically, people changing last name due to marriage have traditionally required more effort.