Creation of groups - number added

irena kon 1 Reputation point
2021-06-30T15:06:17.9+00:00

Hello,
I have an Exchange 2016 environment.
Creating a Distribution\Security group from the ECP creates the group's SAMAccountName with a random number:

Display Name: Test Group
CN: Domain.com/Groups/Test Group
SamAccountName: Test Group-1-396684025

I know the reason for this problem is because it is generating the SAMAccountName since that spot was "blank".
I have found all the scripts that can "fix" this issue by CLI solutions.

I couldn't find a root solution to this problem.
I have a problem - our Helpdesk are the ones who create these groups, and they cannot use the CLI, only the ECP.

Is there really no root solution (CU or some KB) for this problem?

Exchange Server Management

2 answers

  1. Yuki Sun-MSFT 41,146 Reputation points Microsoft Vendor
    2021-07-01T03:00:38.05+00:00

    Hi @irena kon

    > I know the reason for this problem is because it is generating the SAMAccountName since that spot was "blank".

    Exactly. There isn't a field for SamAccountName in ECP when creating a group, so a value which includes a random number will be automatically generated by AD.

    Regarding your concern about a "root solution (CU or some KB)", I am currently using Exchange 2016 CU20 in my test lab and the behavior is still the same on my end. CU21 was released a few days ago, but the release notes don't mention anything about the SAMAccountName field.

    > I have a problem - our Helpdesk are the ones who create these groups, and they cannot use the CLI, only the ECP.

    As you have mentioned, usually it's suggested to use Exchange PowerShell to specify a value for SAMAccountName, but considering that your Helpdesk cannot use the command line to manage groups, another workaround I can think of is to modify the SAMAccountName value using ADUC (Active Directory Users and Computers), supposing they can use it.

    1. Open ADUC, navigate to Users, find the group which needs to be modified.
    2. Right click the group, choose Properties.
    3. Choose Attribute Editor, press S to quickly locate the attribute "sAMAccountName", change the value from random number to what you want, press OK, Apply.
      As displayed in the output of the PowerShell, the sAMAccountName has been changed.

    Update:
    In case manually editing the SamAccountName via Active Directory Users and Computers is not an acceptable option for you either, it's suggested to create a scheduled task to run the Exchange powershell, updating the SamAccountNames for all distribution groups automatically:

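    1. Prepare the Exchange PowerShell script file (.ps1) which includes the command below:

    # Set each group's SamAccountName to its Name; -ResultSize Unlimited lifts the default 1000-result cap
    Get-DistributionGroup -ResultSize Unlimited | ForEach-Object { Set-DistributionGroup -Identity $_.DistinguishedName -SamAccountName $_.Name }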
    

    2. Open the Task Scheduler, click Create Basic Task...
    (Note: Make sure the machine has Exchange PowerShell Management Tools installed already.)
    3. Give the task a name, let's say "UpdateSamAccountName", set the Trigger, for example, Daily, start at 10 AM.
    4. Click Next, choose Start a program, Next. On the subsection, enter:
    In the Program/Script, type C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    In the Add Arguments (Optional), type below (replace "C:\Update_SamAccountName.ps1" with your script path):

    -command ". 'c:\Program Files\Microsoft\Exchange Server\V15\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto; C:\Update_SamAccountName.ps1"
    



  2. Maayana 1 Reputation point
    2021-07-05T17:32:47.3+00:00

    Hi, @Yuki Sun-MSFT

    Thank you for answering.

    I know the option of doing a manual deletion in AD, this is what we're doing today.
    Unfortunately I can’t trust the HelpDesk team to do this and have no way to ensure it was done.
    I'm looking for a solution without manual action.

    Is this the last option for us?
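
An audit-first variant of the scheduled script from the first answer, which also produces a report showing which groups still carry a generated name. This is an added example, not code from the thread: the suffix pattern is inferred from the single sample in the question, and the `-Apply` switch and `Test-SamInUse` helper are hypothetical names.

```powershell
# Added example, not code from the thread. Run in the Exchange Management Shell.
# Without -Apply nothing is changed; the script only reports what it would do.
param([switch]$Apply)

# Assumption: generated names end in "-<digits>-<digits>", as in "Test Group-1-396684025".
$generated = '-\d+-\d+$'
# Characters that are not allowed in sAMAccountName.
$invalid   = '["/\\\[\]:;|=,+*?<>]'

function Test-SamInUse([string]$Sam) {
    # Escape LDAP filter metacharacters, then check whether any AD object
    # (user, computer or group) already holds this sAMAccountName.
    $esc = $Sam -replace '\\','\5c' -replace '\*','\2a' -replace '\(','\28' -replace '\)','\29'
    [bool]([adsisearcher]"(sAMAccountName=$esc)").FindOne()
}

$report = foreach ($g in Get-DistributionGroup -ResultSize Unlimited) {
    # Leave groups alone whose SamAccountName was set deliberately.
    if ($g.SamAccountName -notmatch $generated) { continue }

    # Derive the target from the group name: drop invalid characters and a trailing period.
    $target = ($g.Name -replace $invalid, '').Trim().TrimEnd('.')

    $status = if (-not $target)              { 'Skipped: empty after sanitising' }
              elseif (Test-SamInUse $target) { 'Skipped: name already in use' }
              elseif ($Apply) {
                  try {
                      Set-DistributionGroup -Identity $g.DistinguishedName -SamAccountName $target -ErrorAction Stop
                      'Renamed'
                  } catch { "Failed: $($_.Exception.Message)" }
              }
              else { 'Would rename' }

    [pscustomobject]@{ Group = $g.Name; Old = $g.SamAccountName; New = $target; Status = $status }
}

# Anything listed here still has (or had) a generated name; keep the output as the audit trail.
$report | Format-Table -AutoSize
```

Run it once without `-Apply` to review the report, then schedule it with `-Apply`; skipped rows need a manual decision because the plain group name is already taken or unusable.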

