Changing the last name of a registered user of Drive Encryption 11.0


Article ID: 178335


Updated On:


Endpoint Encryption




This Knowledge Base article provides information on how to change the last name of a registered Drive Encryption user.

A managed and registered Drive Encryption user’s last name needs to be changed in the event of wedding or name change. For example, changing the name of a user from Alice Cameron to Alice Smith. Changing the last name of a registered user using the Symantec Endpoint Encryption Drive Encryption Administrator Command Line is not supported in the Symantec Endpoint Encryption 11.0 release.


Active Directory user creation

In Active Directory, each user account created has a user logon name and associated password. Moreover, the same user name is used to authenticate the identity of a user on a client computer, and then log on to Windows.

User registration process

In Symantec Endpoint Encryption 11.0, the user registration happens automatically when a user successfully logs on to a client computer using the Windows credentials for the first time after the Drive Encryption functionality is installed and the client computer is restarted.

During the user registration process, Drive Encryption also enables single sign-on authentication. This lets a registered user authenticate at the preboot authentication screen using a password, token, or both, and directly access a client computer without authenticating at the Windows logon screen again.

The registered Drive Encryption users are assigned to a client computer and the connection between the client computer and Symantec Endpoint Encryption Management Server is established.


When a Drive Encryption registered user request for a name change in Active Directory, the user must be added with a new user name in Active Directory by the administrator. The old user name must be deleted.

To change the last name of a registered user, perform the following steps:

  1. Log on as an Administrator.
  2. In the Active Directory, create a new Active Directory user name for the registered user without changing the security identifier (SID) of the user account.

    For more information on creating a new Active Directory user name with an existing SID, see the Microsoft's TechNet website.
  3. Provide the new user name that is created to the registered Drive Encryption user.
  4. Instruct the user to log off from the current user session and log on to Windows using the new user name on the client computer.
  5. When the user logs on using the new user name, the new user is automatically registered.
  6. Instruct the user to log on using the new user name at the preboot authentication screen the next time the user restarts the client computer.
  7. Enable Drive Encryption Self-Recovery for the new user name and instruct the user to enroll for self-recovery when the Drive Encryption Self-Recovery setup appears.
  8. Delete the old user name using the Drive Encryption Administrator Command Line.

Note: If the old user name still appears in the email client, try regenerating the offline address book.