We have several Administrative Users (actually AD groups) that have been assigned to security roles. Recently these groups were renamed in AD, however the old name still shows in the CM12 console and there is no option to rename them.

The properties on the Account in CM12 show the same SID (which hasn't changed), and trying to add a new user using the renamed group returns a message saying it is already an admin user.

So will the Account Name in the console eventually update on its own to show the new AD name or is there some other way to update it? Is the only option to remove and re-add to bring them back into sync?

Any suggestions appreciated,

Scott.

CM12 doesn't use the sid, it uses the NetBIOS name. you will need to reassign the new groups with CM12 

I'm not sure I understand what you are saying. How do I "re-assign"?

In the CM12 properties of the Admin User, CM12 has the AD SID displayed (and gives the option to copy to clipboard). If I try to add a new Admin User with the "new" name of the group, CM12 tells me it is already an Admin, so it must be aware that it is the same account based on something other than the NetBIOS name, which is different to the existing entries. If it doesn't use the SID, why does it bother to record and track it?

The only way I can find to re-assign is to delete the existing entries and re-create them again.

I have no idea why it trace the SID but it is not used. (It might be used in CM12 R2 RBAC and SSRS reporting but I have yet to confirm that yet but I doubt it uses it.). The best suggest is assign your personal account full access to the site. Make sure it works. Delete the old security groups from CM12. Add the new security groups and assign the permission that the old groups had.

These are additional groups we've created for Roles like App Manager, OSD Manager etc.

I've already deleted them and re-created them, but if that's the only option then it raises the question about the SID linkage that is being applied somehow.

Thanks for your input. I guess it's just a "can't be done" thing, but at least I know it's not just something I've missed.