User Naming Attributes

User naming attributes identify user objects, such as logon names and IDs used for security purposes. The cn, name, and distinguishedName attributes are examples of user naming attributes. A user object is a security principal object, so it also includes the following user naming attributes:

• userPrincipalName — the logon name for the user
• objectGUID — the unique identifier of a user
• sAMAccountName — a logon name that supports previous version of Windows
• objectSid — security identifier (SID) of the user
• sIDHistory — the previous SIDs for the user object

You can view and manage these attributes using the Active Directory User and Computers MMC snap-in, which is available in the Remote Server Administration Tools (RSAT).

userPrincipalName

The userPrincipalName attribute is the logon name for the user. The attribute consists of a user principal name (UPN), which is the most common logon name for Windows users. Users typically use their UPN to log on to a domain. This attribute is an indexed string that is single-valued.

A UPN is an Internet-style login name for a user based on the Internet standard RFC 822. The UPN is shorter than a distinguished name and easier to remember. By convention, this should map to the user’s email name. The point of the UPN is to consolidate the email and logon namespaces so that the user only needs to remember a single name.

UPN Format

A UPN consists of a UPN prefix (the user account name) and a UPN suffix (a DNS domain name). The prefix is joined with the suffix using the «@» symbol. For example, «someone@ example.com». A UPN must be unique among all security principal objects within a directory forest. This means the prefix of a UPN can be reused, just not with the same suffix.

A UPN suffix has the following restrictions:

• It must be the DNS name of a domain, but does not need to be the name of the domain that contains the user.
• It must be the name of a domain in the current domain forest, or an alternate name listed in the upnSuffixes attribute of the Partitions container within the Configuration container.

UPN Management

A UPN can be assigned, but is not required, when a user account is created. When a UPN is created, it is unaffected by changes to other attributes of the user object such as the user being renamed or moved. This allows the user to keep the same login name if a directory is restructured. However, an administrator can change a UPN. When you create a new user object, you should check the local domain and the global catalog for the proposed name to ensure it does not already exist.

When a user uses a UPN to log on to a domain, the UPN is validated by searching the local domain and then the global catalog. If the UPN is not found in the global catalog, the logon attempt fails.

objectGUID

The objectGUID attribute is the unique identifier of a user. The attribute is a single-valued 128-bit Globally Unique Identifier (GUID), and is stored as an ADS_OCTET_STRING structure. The GUID is created by the Active Directory server when a user object is created.

Because an object’s distinguished name changes if the object is renamed or moved, the distinguished name is not a reliable identifier of an object. In Active Directory Domain Services, an object’s objectGUID attribute never changes, even if the object is renamed or moved. You can retrieve the string form of the objectGUID using the GUID property method in IADs Property Methods.

sAMAccountName

The sAMAccountName attribute is a logon name used to support clients and servers from previous version of Windows, such as Windows NT 4.0, Windows 95, Windows 98, and LAN Manager. The logon name must be 20 or fewer characters and be unique among all security principal objects within the domain.

objectSid

The objectSid attribute is the security identifier (SID) of the user. The SID is used by the system to identify a user and their group memberships during interactions with Windows security. The attribute is single-valued. The SID is a unique binary value used to identify the user as a security principal.

The SID is set by the system when the user is created. Each user has a unique SID issued by a Windows domain and stored in the objectSid attribute of the user object in the directory. Each time a user logs on, the system retrieves the user’s SID from the directory and places it in the user’s access token. The user’s SID is also used to retrieve the SIDs for the groups of which the user is a member and places them in the user’s access token. When a SID has been used as the unique identifier for a user or group, it cannot be used again to identify another user or group.

sIDHistory

The sIDHistory attribute contains the previous SIDs for the user object. This is a multi-valued attribute. A user object has previous SIDs if the user was moved to another domain. Whenever a user object is moved to a new domain, a new SID is created and assigned the objectSid attribute, and the previous SID is added to the sIDHistory attribute.

User Name Formats

When an application uses the Credentials Management API to prompt for credentials, the user is expected to enter information that can be validated, either by the operating system or by the application. The user can specify domain credentials information in one of the following formats:

User Principal Name

User principal name (UPN) format is used to specify an Internet-style name, such as UserName@Example.Microsoft.com. The following table summarizes the parts of a UPN.

Part	Example
User account name. Also known as the logon name.	UserName
Separator. A character literal, the at sign (@).	@
UPN suffix. Also known as the domain name.	Example.Microsoft.com

A UPN can be implicitly or explicitly defined. An implicit UPN is of the form UserName@DNSDomainName.com. An implicit UPN is always associated with the user’s account, even if an explicit UPN is not defined. An explicit UPN is of the form Name@Suffix, where both the name and suffix strings are explicitly defined by the administrator.

Down-Level Logon Name

The down-level logon name format is used to specify a domain and a user account in that domain, for example, DOMAIN\UserName. The following table summarizes the parts of a down-level logon name.

Переменные среды Windows¶

Переменная окружения (переменная среды́, англ. environment variable) — текстовая переменная операционной системы, хранящая какую-либо информацию — например, данные о настройках системы или сведения о текущем пользователе.

Работа с переменными¶

В качестве примера можно привести переменную %APPDATA% , которая указывает путь до папки, в которой хранятся настройки некоторых программ текущего пользователя. Обычно это C:\Documents And Settings\Пользователь\Application Data , где Пользователь это изменяемое значение. Для каждой учетной записи используется своё имя пользователя.

Чтобы каждый раз не узнавать имя учетной записи текущего пользователя и не подставлять в путь к папке Application Data соответствующее значение и используется переменная окружения %APPDATA% .

Это позволяет, к примеру, быстро открывать папку Application Data , для этого в меню «Пуск →Найти» или в «Пуск →Выполнить» введите %APPDATA% и нажмите клавишу Enter .

Чтобы получить значение переменной окружения через командную строку, используется команда echo , например:

Введенная в командной строке, эта комбинация отобразит архитектуру процессора текущего компьютера. Возможен один из трёх вариантов: x86 , IA64 , AMD64 .

Список переменных¶

Далее приводится список основных переменных, более подробный список приведен в статье Переменная среды Windows.

Основные переменные ¶

Переменная	Описание
%APPDATA%	Возвращает используемое по умолчанию размещение данных приложений. В Windows XP это C:\Documents and Settings\%UserName%\Application Data . В Windows 7 — C:\Users\%UserName%\AppData\Roaming .
%PROCESSOR_ARCHITECTURE%	Архитектура процессора. Возможные варианты: x86 , IA64 , AMD64 .
%USERNAME%	Имя текущего пользователя.
%CD%	Указывает путь к текущему каталогу. Идентична команде CD без аргументов.
%USERPROFILE%	Путь к профилю текущего пользователя.
%WINDIR%	Каталог, в котором установлена Windows.
%LOGONSERVER%	Имя контроллера домена, использовавшегося для авторизации текущего пользователя.
%HOMEPATH%	Возвращает полный путь к основному каталогу пользователя. Задаётся на основании расположения основного каталога. Основной каталог пользователя указывается в оснастке «Локальные пользователи и группы».
%DATE%	Возвращает текущую дату. Использует тот же формат, что и команда date /t . Создаётся командой Cmd.exe .
%TIME%	Возвращает текущее время. Использует тот же формат, что и команда time /t . Создаётся командой Cmd.exe .
%COMPUTERNAME%	Имя компьютера.
%TEMP% и %TMP%	Возвращает временные каталоги, по умолчанию используемые приложениями, которые доступны пользователям, выполнившим вход в систему. Некоторые приложения требуют переменную TEMP , другие — переменную TMP . Потенциально TEMP и TMP могут указывать на разные каталоги, но обычно совпадают.
%ROGRAMFILES%	Путь к каталогу Program Files.
%PROGRAMFILES(x86)%	Путь к каталогу Program Files (x86) в 64-разрядных системах для приложений архитектуры x86 .
%PATH%	Указывает путь поиска исполняемых файлов.

Изменение переменных¶

Чтобы изменить значение переменной, используется команда SET , например:

How to Rename User and User Folder in Windows 7, 8, 8.1 or 10 OS.

If you ‘re using a Windows 10/8 or 7 personal computer (not part of a Domain) and you want to rename the user account name and the related User Profile folder name then this tutorial may be useful for you. As you may know when you change the username of a user in Windows, the related user folder remain unchanged and you must perform some additional steps to accomplish this. In this tutorial you ‘ll learn how to rename a user in Windows and how to rename the user folder in order to match the name of the user.

How to Rename User and User Profile Folder in Windows 10/8/7 *

* Important: To apply the steps below you must sign into Windows, by using an account with Administrative privileges.

Assumption: Let’s suppose that the current username and the related profile folder is named «Josh» and you want to change the account name and the profile folder name to «Joshua».

Step 1. Rename the User from User Account Properties.

To change the username of a local account in Windows:

1. Press simultaneously the Windows + R keys to open the run command box.

2. Type netplwiz & Press Enter.

3. Highlight the user that you want to rename and select Properties.

4. Then change the current User name (e.g. «Josh) with the new one (e.g «Joshua»)
5. When done click Apply and OK twice to close all open windows.

Step 2. Change the User Profile Folder Path in Registry.

1. Open Registry Editor: To do that:

• • Press simultaneously the Windows + R keys to open the run command box.
  • Type regedit & Press Enter.

2. Navigate to the following key at the left pane:

3. Click at any “S-1-5-21-xxx…” registry key, until you find which one contains the path for your profile folder at the «ProfileImagePath» REG_DWORD value.

* e.g. If your Username is “Josh” then see which S-1-5-21-xxx…” registry key, contains the “C:\Users\Josh” value at ProfileImagePath.

4. When you find that key, double click at ProfileImagePath and rename the current path (profile folder name) to the new one. *

* e.g. At this example we proceed to change the «C:\Users\Josh» folder name, with the new folder name «C:\Users\Joshua».

5. When done, click OK.

6. Close Registry Editor and Restart your computer.

Step 3. Rename the User Profile Folder.

1. After restart you ‘ll be sign to a temporary profile (empty profile) with the message «We can’t sign in to your account». (Click Close at this message and continue below).

2. Open Windows Explorer and explore the contents of the «C:\Users» folder.
3. Right click on the user profile folder (e.g. «Josh» in this example) and choose Rename.
4. Type the new name for the profile folder (e.g. «Joshua» in this example) and press Enter.
5. Click Continue when asked to provide administrator permission to rename the folder. *

* Note: If you receive an «Access denied» error, when you try to rename the user folder, then try to rename the folder in Safe Mode or try the following:

1. Open Command Prompt as Administrator.
2. Type the following command and press enter: net user administrator /active:yes
3. Restart the computer and login as Administrator
4. Rename the user profile folder.
5. Restart again and login to the (renamed) user.
6. If everything is OK, then disable the administrator account by typing this command (in Command Prompt Admin): net user administrator /active:no

6. Restart your computer to login to your profile with all files and settings untouched!

Step 4. FIX Invalid Registry References.

The next step, is to fix in the Registry, the references to the old profile folder. To do that:

1. Download the Registry Finder utility in an archive format, according your Windows version (32 or 64Bit) and extract the download file (RegistryFinder.zip).
2. From the extracted folder, double click to run the RegistryFinder application.

3. In Registry Finder, click the Edit menu and choose Find.
4. Type the old folder name (e.g. Josh») and click Find.

5. When the search is completed, click Edit and choose Replace in Find Results.

6. At ‘Find what’ field type the old name (e.g. Josh») and in the ‘Replace with’ field type the new name (e.g. Joshua). When done, click Replace.

7. When the operation is completed, you should receive an error message that says «error encountered». Just ignore the error message and click No to close the window.

8. Close the Registry Finder and restart your PC.

Step 5. Rebuild the Search Index.

The final step is to rebuild the search index. To do that:

1. Navigate to Windows Control Panel and open Indexing Options.*

* If you don’t see the Indexing Options, set the View (View by) to Small icons.

2. At Indexing Options click Advanced.

3. At Troubleshooting section, click the Rebuild button.

4. Press OK to rebuild the Index.
5. Wait until the index rebuilding is completed and then restart your computer again.

That’s all folks! Did it work for you?
Please leave a comment in the comment section below or even better: like and share this blog post in the social networks to help spread the word about this problem.