diff --git a/services/user/user.go b/services/user/user.go
index d90fbac978..d682d5a434 100644
--- a/services/user/user.go
+++ b/services/user/user.go
@@ -47,7 +47,8 @@ func renameUser(ctx context.Context, u *user_model.User, newUserName string, doe
 	}
 
 	// Non-local users are not allowed to change their username.
-	if !u.IsOrganization() && !u.IsLocal() {
+	// If the doer is an admin, then allow the rename - they know better.
+	if !doerIsAdmin && !u.IsOrganization() && !u.IsLocal() {
 		return user_model.ErrUserIsNotLocal{
 			UID:  u.ID,
 			Name: u.Name,
diff --git a/services/user/user_test.go b/services/user/user_test.go
index 36f2776ad8..f1cab60a6d 100644
--- a/services/user/user_test.go
+++ b/services/user/user_test.go
@@ -145,10 +145,16 @@ func TestRenameUser(t *testing.T) {
 
 	t.Run("Non-Local", func(t *testing.T) {
 		u := &user_model.User{
+			ID:        2,
+			Name:      "old-name",
 			Type:      user_model.UserTypeIndividual,
 			LoginType: auth.OAuth2,
 		}
-		require.ErrorIs(t, RenameUser(db.DefaultContext, u, "user_rename"), user_model.ErrUserIsNotLocal{})
+		require.ErrorIs(t, RenameUser(db.DefaultContext, u, "user_rename2"), user_model.ErrUserIsNotLocal{UID: 2, Name: "old-name"})
+
+		t.Run("Admin", func(t *testing.T) {
+			require.NoError(t, AdminRenameUser(t.Context(), u, "user_rename2"))
+		})
 	})
 
 	t.Run("Same username", func(t *testing.T) {