PowerShell: Bulk Rename Computers in Active Directory by Serial Number
Automate the renaming of Active Directory computer objects using their hardware serial numbers with this production-ready PowerShell script.
4 min readUpdated March 29, 2026
Overview
Renaming computers in Active Directory to match a standard naming convention is a common requirement for IT teams managing large fleets. This script reads each computer's hardware serial number via WMI/CIM and renames the AD object to a prefix plus serial format such as WS-ABC1234567.
This is especially useful after imaging, where machines are given generic names that need to be standardised before group policies and compliance tooling can identify them correctly.
Prerequisites
- Windows Server with the Active Directory PowerShell module (
RSAT-AD-PowerShell) - Domain admin or delegated permission to rename computer objects
- WinRM enabled on target machines (for remote CIM queries)
- PowerShell 5.1 or later (PowerShell 7.6 LTS recommended)
- The Active Directory module works with both PowerShell 5.1 and 7.6 LTS via the Windows Compatibility layer
The Script
powershell
<#
.SYNOPSIS
Bulk rename AD computers using their hardware serial number.
.DESCRIPTION
Queries each computer in the target OU for its BIOS serial number,
then renames the AD object to a standardised format.
.PARAMETER OUPath
Distinguished name of the OU containing target computers.
.PARAMETER Prefix
Naming prefix, e.g. "WS-" for workstations or "LT-" for laptops.
.PARAMETER WhatIf
Preview changes without applying them.
#>
param(
[Parameter(Mandatory)]
[string]$OUPath,
[string]$Prefix = "WS-",
[switch]$WhatIf
)
Import-Module ActiveDirectory -ErrorAction Stop
$computers = Get-ADComputer -Filter * -SearchBase $OUPath -Properties Name, DNSHostName
foreach ($computer in $computers) {
try {
# Query the serial number from the remote machine
$serial = (Get-CimInstance -ClassName Win32_BIOS -ComputerName $computer.DNSHostName -ErrorAction Stop).SerialNumber
if ([string]::IsNullOrWhiteSpace($serial) -or $serial -eq "To Be Filled By O.E.M.") {
Write-Warning "Skipping $($computer.Name): no valid serial number found."
continue
}
# Clean the serial — remove spaces and special characters
$cleanSerial = ($serial -replace '[^a-zA-Z0-9]', '').ToUpper()
$newName = "$Prefix$cleanSerial"
# Truncate to 15 characters (NetBIOS limit)
if ($newName.Length -gt 15) {
$newName = $newName.Substring(0, 15)
}
if ($computer.Name -eq $newName) {
Write-Host "SKIP $($computer.Name) — already named correctly." -ForegroundColor Gray
continue
}
if ($WhatIf) {
Write-Host "WHATIF: Would rename $($computer.Name) -> $newName" -ForegroundColor Cyan
} else {
Rename-ADObject -Identity $computer.DistinguishedName -NewName $newName
Set-ADComputer -Identity $computer.DistinguishedName -SAMAccountName "$newName$"
Write-Host "RENAMED $($computer.Name) -> $newName" -ForegroundColor Green
}
} catch {
Write-Warning "ERROR on $($computer.Name): $_"
}
}
Usage
Preview mode (recommended first run)
powershell
.\Rename-ComputersBySerial.ps1 -OUPath "OU=Workstations,DC=corp,DC=cyberitex,DC=com" -Prefix "WS-" -WhatIf
Apply changes
powershell
.\Rename-ComputersBySerial.ps1 -OUPath "OU=Workstations,DC=corp,DC=cyberitex,DC=com" -Prefix "WS-"
Laptop OU with different prefix
powershell
.\Rename-ComputersBySerial.ps1 -OUPath "OU=Laptops,DC=corp,DC=cyberitex,DC=com" -Prefix "LT-"
Warning
Renaming a computer in AD does not rename the local hostname. After running this script, the machine will need a local rename (or a reboot if renamed via Rename-Computer remotely) to match the new AD name.
How It Works
- Queries AD for all computer objects in the specified OU
- Connects to each machine via CIM/WinRM to read the BIOS serial number
- Cleans the serial by removing special characters and converting to uppercase
- Renames the AD object and updates the SAMAccountName to match
- Skips machines that already have the correct name or have no valid serial
Troubleshooting
| Problem | Cause | Fix |
|---|---|---|
Get-CimInstance fails | WinRM not enabled on target | Run Enable-PSRemoting -Force on the target machine |
| Serial shows "To Be Filled By O.E.M." | OEM did not program the BIOS serial | Manually set a serial or use a different identifier like asset tag |
| Rename fails with "Access denied" | Insufficient AD permissions | Run as Domain Admin or delegate rename rights on the OU |
| Name exceeds 15 characters | Long serial number | The script auto-truncates, but verify the result is still unique |
Next Steps
- Schedule this script to run after new device imaging using a post-deployment task
- Combine with OU placement scripts to sort devices by type before renaming
- Export a CSV of all renames for audit and asset tracking purposes
PowerShellActive DirectoryAutomationWindows Server
Related Articles
Coding & AutomationPowerShell: Automate New User Provisioning in Active Directory and Microsoft 365A comprehensive PowerShell script to create new users in Active Directory and assign Microsoft 365 licences, mailboxes, and group memberships in one step.Read GuidesHow to Enrol a Windows 11 Device in Microsoft IntuneStep-by-step guide to enrolling a Windows 11 PC in Microsoft Intune for device management, compliance policies, and app deployment.Read
Was this article helpful?