Valid reasons for requesting a user ID change

In the past, clients have usually requested a user ID change for one of two reasons:

  • A legal name change (e.g. a change in marital status)
  • A user ID that implies a questionable meaning

Why a user ID change can cause issues

While University of Waterloo Identity and Access Management (WatIAM) can make some changes automatically, there are many manual steps in performing a rename. Human Resources or the Registrar's Office starts the process.

  • Rename the account in WatIAM. This process has caused trouble in the past, such as failed updates downstream.
  • Rename any Exchange or mail services account, and update the mail routing address in WatIAM. There's a window here where mail can bounce, because Exchange only synchronizes with University of Waterloo Lightweight Directory Access Protocol (UWLDAP) every 30 minutes.
  • Rename any Unix account. If it's forwarding mail, there's another bounce window.
  • For those working in Academic Support, the name of the folder mapped on the N: drive needs to change on a user ID rename, and then the mapping to it is changed. The profile name also changes. Security groups are handled automatically (presumably because the Security Identifier (SID) is the key).
  • Change all user ID-based access control (e.g., for web pages).
  • Change the login ID, which on some systems may entail changing the home directory name.
  • Change all user ID-based resource allocation configuration (e.g. lists of who gets accounts where), recognizing that multiple staff are involved, that multiple computing architectures are involved, and that in practice some of what has to be changed will only be discovered later, when something fails to work.

These renames have to be coordinated so that they are done at the same time. Also, the user cannot be logged on.

  • Rename any mailing list subscriptions in Mailman. The person needs to deal with external lists.
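
An added example (not University of Waterloo code): because some references to the old user ID are only discovered when something fails, this audit pass searches access-control and account configuration text for the old ID as a whole token, so it can be run before and after a rename. The file paths, file contents, the `example.invalid` domain and the user IDs `jdoe`, `jdoe2`, `mjdoe` and `asmith` are constructed sample data.

```python
import re

# Constructed sample data: paths, contents and user IDs are illustrative only.
SAMPLE_FILES = {
    "web/.htaccess": "AuthType Basic\nRequire user jdoe asmith\n",
    "mail/aliases": "jdoe2: jdoe2@example.invalid\nhelpdesk: asmith, jdoe\n",
    "home/jdoe/.forward": "jdoe@example.invalid\n",
    "accounts/lab-hosts.txt": "# who gets accounts where\n"
                              "linux-lab: mjdoe asmith\nsolaris-lab: jdoe\n",
}


def stale_references(old_id, files):
    """Return (path, line_no, text) for each place that still names old_id.

    files maps a path to its text. line_no 0 means the path itself contains
    the ID (for example a home directory that still needs renaming).
    """
    # Match the ID only as a whole token, so 'jdoe' does not also flag
    # the unrelated accounts 'jdoe2' or 'mjdoe'.
    token = re.compile(
        r"(?<![A-Za-z0-9_-])" + re.escape(old_id) + r"(?![A-Za-z0-9_-])"
    )
    hits = []
    for path, text in sorted(files.items()):
        if token.search(path):
            hits.append((path, 0, path))
        for line_no, line in enumerate(text.splitlines(), start=1):
            if token.search(line):
                hits.append((path, line_no, line.strip()))
    return hits


if __name__ == "__main__":
    for path, line_no, text in stale_references("jdoe", SAMPLE_FILES):
        where = "path" if line_no == 0 else f"line {line_no}"
        print(f"{path} ({where}): {text}")
```

An empty result after the rename means no scanned file still grants access or routes mail by the old ID; systems that were not scanned still have to be checked by their owners.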

Note: ADS tracks an account through the SID, and here we're renaming the SAMAccountName, so Exchange can pick up changes in ADS without losing its "linkage". There are scripts in Exchange, though, that probably depend on the SAMAccountName and can break with renames. This brings up a point that some other universities have realized: using the user ID as the key to an account doesn't work in the face of account/user ID renames. Their obscure "user ID" is largely hidden and static, while a "friendly" version is more visible, is the one used for renames, and can be easily changed.