Add UPN Suffix in Active Directory

Updated: Jul 8

What is User Principal Name (UPN)


User Principal Name (UPN) is the login name that identifies a user in Active Directory. A UPN consists of a UPN prefix (the user account name) and a UPN suffix (a DNS domain name), joined by the '@' symbol.


For example, in "anandp@anandpnair.com", "anandp" is the UPN prefix and "anandpnair.com" is the UPN suffix.


Why do we need a UPN Suffix?

  1. The internal domain is techdc.local, but we want users to log in with the "anandpnair.com" domain

  2. Office 365 is being implemented in the organization

  3. The software requires the user UPN to match the email address for authentication

How to Add a UPN Suffix in the Active Directory GUI


Click Start, search for Active Directory Domains and Trusts, and open it.



Right-click Active Directory Domains and Trusts, and then choose Properties.


On the UPN Suffixes tab, enter the UPN suffix under Alternative UPN suffixes and select Add. In this example, I added "anandpnair.com" as an alternative UPN suffix.


Once it is added, the UPN suffix appears in the box. Click Apply and then OK to finish adding the alternative UPN suffix.


How to select the alternative UPN suffix for a user account and update an existing one


When creating a new user object, select the alternative UPN suffix (anandpnair.com) in the User logon name field.

To update an existing account, right-click the user account and select Properties. In the Account tab, change the UPN suffix from "techdc.local" to "anandpnair.com", then click Apply and OK to save the change.




How to Add a UPN Suffix in Active Directory with PowerShell

Note: Run PowerShell with administrative privileges

To get the current list of alternative UPN suffixes

Get-ADForest | Format-List UPNSuffixes

To add an alternative UPN suffix

Get-ADForest | Set-ADForest -UPNSuffixes @{add="cloudtekspace.com"}

This adds the alternative UPN suffix "cloudtekspace.com". Validate it by running the Get-ADForest command again.


Change UPN Suffix using PowerShell


To list the users with their current UPN, run the command below

Get-ADUser -Filter * | Sort-Object Name | Format-Table Name, UserPrincipalName

Two users, Ajith k and Arjun VC, have the UPN suffix "techdc.local". To update these users from "techdc.local" to the alternative UPN suffix "anandpnair.com", run the commands below

# Collect every user whose UPN ends in @techdc.local ($null = no limit on the result set)
$LocalUsers = Get-ADUser -Filter "UserPrincipalName -like '*@techdc.local'" -Properties UserPrincipalName -ResultSetSize $null
# Swap the suffix on each account
$LocalUsers | ForEach-Object { $newUpn = $_.UserPrincipalName.Replace("@techdc.local","@anandpnair.com"); $_ | Set-ADUser -UserPrincipalName $newUpn }

Once it completes, the users' UPNs are updated to "anandpnair.com"


To update users in a specific OU, first list the users in that OU with the PowerShell command below

Get-ADUser -Filter * -SearchBase "OU=Employees,DC=techdc,DC=local" | Sort-Object Name | Format-Table Name, UserPrincipalName

The user Bruce C has "techdc.local" as the UPN suffix in this OU. Use the PowerShell commands below to update the UPN suffix for users in the OU

# Collect users in the Employees OU whose UPN ends in @techdc.local
$LocalUsers = Get-ADUser -Filter {UserPrincipalName -like '*@techdc.local'} -SearchBase "OU=Employees,DC=techdc,DC=local" -Properties UserPrincipalName -ResultSetSize $null
# Swap the suffix on each account
$LocalUsers | ForEach-Object { $newUpn = $_.UserPrincipalName.Replace("@techdc.local","@anandpnair.com"); $_ | Set-ADUser -UserPrincipalName $newUpn }

Once it completes, the UPN of the user Bruce C is updated to "anandpnair.com"
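
A more cautious version of the OU update above, added here as an example and not part of the original post. It confirms the suffix is registered on the forest, runs as a dry run by default, skips any UPN that already exists, and records old and new values in a CSV. The log path and the $Apply switch are assumptions.

```powershell
# Added example, not the article's own script. $LogPath and $Apply are assumptions.
Import-Module ActiveDirectory

$OldSuffix  = 'techdc.local'
$NewSuffix  = 'anandpnair.com'
$SearchBase = 'OU=Employees,DC=techdc,DC=local'
$LogPath    = '.\upn-change-log.csv'   # hypothetical path for the rollback record
$Apply      = $false                   # $false = dry run via -WhatIf

# 1. Stop if the new suffix has not been added as an alternative UPN suffix.
if ((Get-ADForest).UPNSuffixes -notcontains $NewSuffix) {
    throw "UPN suffix '$NewSuffix' is not registered on the forest."
}

# 2. Select only accounts whose UPN ends in "@techdc.local".
$pattern = "*@$OldSuffix"
$users = Get-ADUser -Filter { UserPrincipalName -like $pattern } -SearchBase $SearchBase

$results = foreach ($user in $users) {
    $oldUpn = $user.UserPrincipalName
    $prefix = $oldUpn.Substring(0, $oldUpn.LastIndexOf('@'))
    $newUpn = '{0}@{1}' -f $prefix, $NewSuffix

    # 3. A UPN must be unique; skip the change if another account already holds it.
    #    (This lookup covers the current domain only.)
    $clash = Get-ADUser -Filter { UserPrincipalName -eq $newUpn }
    if ($clash) {
        $status = 'Skipped: UPN already in use'
    } else {
        Set-ADUser -Identity $user -UserPrincipalName $newUpn -WhatIf:(-not $Apply)
        $status = if ($Apply) { 'Changed' } else { 'DryRun' }
    }

    [pscustomobject]@{
        SamAccountName = $user.SamAccountName
        OldUpn         = $oldUpn
        NewUpn         = $newUpn
        Status         = $status
    }
}

# 4. Keep the old and new values so the change can be reviewed or reversed.
$results | Export-Csv -Path $LogPath -NoTypeInformation
$results | Format-Table -AutoSize
```

Review the CSV from the dry run, then set $Apply to $true and run it again to commit the changes.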



