diff --git a/bin/admin/rename-group.sh b/bin/admin/rename-group.sh
index b586ff2..eb97ef0 100755
--- a/bin/admin/rename-group.sh
+++ b/bin/admin/rename-group.sh
@@ -1,5 +1,7 @@
 #! /usr/bin/env bash
 # vim: set filetype=sh ts=4 sw=4 sts=4 et:
+basedir=$(readlink -f "$(dirname "$0")"/../..)
+
 from=$1
 to=$2
 
@@ -18,10 +20,11 @@ really_run_commands=0
 
 _run()
 {
+    local ret
     if [ "$really_run_commands" = "1" ] ; then
         echo "Executing: $*"
-        read -r ___
-        "$@"
+        "$@"; ret=$?
+        echo "... return code: $ret"
     else
         echo "DRY RUN: would execute: $*"
     fi
@@ -35,35 +38,21 @@ _run groupmod -n "key$to" "key$from"
 
 getent passwd "key$from" >/dev/null || fail "user key$from doesn't exist"
 getent passwd "key$to"   >/dev/null && fail "user key$to already exists"
-_run usermod -l "key$to" "key$from"
-
-if getent group "key$from-gatekeeper" >/dev/null ; then
-    # key$from-gatekeeper might not exist if the group name was too long from the beginning
-    getent group "key$to-gatekeeper"   >/dev/null && fail "group key$to-gatekeeper already exists"
-    _run groupmod -n "key$to-gatekeeper" "key$from-gatekeeper"
-fi
-
-if getent group "key$from-owner" >/dev/null ; then
-    # key$from-owner sometimes doesn't exist for old groups, so nevermind
-    getent group "key$to-owner" >/dev/null && fail "group key$to-owner already exists"
-    _run groupmod -n "key$to-owner" "key$from-owner"
-fi
-
 test -d "/home/key$from" || fail "directory /home/key$from doesn't exists"
 test -d "/home/key$to"   && fail "directory /home/key$to already exists"
-_run mv -v "/home/key$from" "/home/key$to"
+_run usermod -m -d /home/"key$to" -l "key$to" "key$from"
+
+for suffix in gatekeeper aclkeeper owner; do
+    if getent group "key$from-$suffix" >/dev/null ; then
+        getent group "key$to-$suffix"   >/dev/null && fail "group key$to-$suffix already exists"
+        _run groupmod -n "key$to-$suffix" "key$from-$suffix"
+    fi
+done
 
 test -d "/home/keykeeper/key$from" || fail "directory /home/keykeeper/key$from doesn't exists"
 test -d "/home/keykeeper/key$to"   && fail "directory /home/keykeeper/key$to already exists"
 _run mv -v "/home/keykeeper/key$from" "/home/keykeeper/key$to"
 
-if test -e "/etc/sudoers.d/osh-group-key$from" ; then
-    # if exists, will move it
-    test -e "/etc/sudoers.d/osh-group-key$to" && fail "file /etc/sudoers.d/osh-group-key$to already exists"
-    _run mv -v "/etc/sudoers.d/osh-group-key$from" "/etc/sudoers.d/osh-group-key$to"
-    _run sed -i -re "s/key$from/key$to/g" "/etc/sudoers.d/osh-group-key$to"
-fi
-
 keykeeper="/home/keykeeper/key$from"
 [ "$really_run_commands" = "1" ] && keykeeper="/home/keykeeper/key$to"
 # shellcheck disable=SC2044
@@ -96,13 +85,16 @@ do
     _run rm -vf "$fromfile"
     _run ln -vs "/home/key$to/allowed.ip" "$tofile"
 done
+
+_run "$basedir"/bin/sudogen/generate-sudoers.sh create group "key$to"
+_run "$basedir"/bin/sudogen/generate-sudoers.sh delete group "key$from"
 }
 
 
 really_run_commands=0
 batchrun
 echo
-echo "OK to proceed ? (CTRL+C to abort). You'll still have to validate each commands I'm going to run"
+echo "OK to proceed ? (CTRL+C to abort)"
 # shellcheck disable=SC2034
 read -r ___
 really_run_commands=1