What is a User Principal Name (UPN)?
A User Principal Name (UPN) is the login name that identifies a user in Active Directory. A UPN consists of a UPN prefix (the user account name) and a UPN suffix (a DNS domain name), joined by the '@' symbol.
For example, in "anandp@anandpnair.com", "anandp" is the UPN prefix and "anandpnair.com" is the UPN suffix.
Why do we need a UPN Suffix?
The internal domain is techdc.local, but we want users to log in with the "anandpnair.com" domain
Office 365 is being implemented in the organization
Software requires the user's UPN to match the email address for authentication
How to Add UPN in Active Directory GUI
Click Start, search for Active Directory Domains and Trusts, and open it.
Right-click Active Directory Domains and Trusts, and then choose Properties.
On the UPN Suffixes tab, enter the UPN suffix under Alternative UPN suffixes and select Add. In this example I added "anandpnair.com" as an alternative UPN suffix.
Once it is added, the UPN suffix appears in the box. Click Apply and then OK to finish adding the alternative UPN suffix.
How to select the alternative UPN suffix for a user account and update an existing one
While creating a new user object, select the alternative UPN suffix (anandpnair.com) in the User logon name field.
To update an existing account, right-click the user account and select Properties. On the Account tab, change the UPN suffix from "techdc.local" to "anandpnair.com", then click Apply and OK to save the change.
How to Add UPN in Active Directory PowerShell
Note: Run PowerShell with administrative privileges
To get the current list of alternative UPN suffixes
Get-ADForest | Format-list UPNSuffixes
To add an Alternative UPN Suffix
Get-ADForest | Set-ADForest -UPNSuffixes @{add="cloudtekspace.com"}
This adds the alternative UPN suffix "cloudtekspace.com". Validate it using the Get-ADForest command shown above.
Change UPN Suffix using PowerShell
To get the current list of users with their UPN suffix, run the below command
Get-ADUser -Filter * | Sort-Object Name | Format-Table Name, UserPrincipalName
Two users, Ajith k and Arjun VC, have the UPN suffix "techdc.local". To update these users from "techdc.local" to the alternative UPN suffix "anandpnair.com", run the below commands
$LocalUsers = Get-ADUser -Filter "UserPrincipalName -Like '*techdc.local'" -Properties UserPrincipalName -ResultSetSize $null
$LocalUsers | foreach {$newUpn = $_.Userprincipalname.Replace("@techdc.local","@anandpnair.com"); $_| Set-ADUser -UserPrincipalName $newUpn}
Once it has completed, the users' UPN suffix is updated to "anandpnair.com".
To update users in a specific OU, first list the users in that OU with the below PowerShell command
Get-ADUser -Filter * -SearchBase "OU=Employees,DC=techdc,DC=local" | Sort-Object Name | Format-Table Name, UserPrincipalName
The user Bruce C has "techdc.local" as the UPN suffix in this OU. Use the below PowerShell commands to update the UPN suffix for users in the OU
$LocalUsers = Get-ADUser -Filter {UserPrincipalName -Like '*techdc.local'} -SearchBase "OU=Employees,DC=techdc,DC=local" -Properties UserPrincipalName -ResultSetSize $null
$LocalUsers | foreach {$newUpn = $_.UserPrincipalName.Replace("@techdc.local","@anandpnair.com"); $_ | Set-ADUser -UserPrincipalName $newUpn}
Once it has completed, the UPN of the user Bruce C is updated to "anandpnair.com".
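A more defensive version of the bulk change above, added here as an example and not part of the original article: it confirms the target suffix is registered in the forest, skips any account whose new UPN is already in use, defaults to a -WhatIf dry run, and records the old and new UPN for rollback. The $Commit variable and the log path are assumptions; the domain and OU names are the article's lab values.

```powershell
# Added example (not the article's script): guarded bulk UPN suffix change.
Import-Module ActiveDirectory

$OldSuffix  = 'techdc.local'                      # article's internal domain
$NewSuffix  = 'anandpnair.com'                    # article's alternative UPN suffix
$SearchBase = 'OU=Employees,DC=techdc,DC=local'   # article's OU
$LogPath    = '.\upn-change-log.csv'              # assumed path for the rollback record
$Commit     = $false                              # assumed switch: $false = dry run only

# 1. Stop if the new suffix was never added to the forest (-notcontains ignores case).
if ((Get-ADForest).UPNSuffixes -notcontains $NewSuffix) {
    throw "UPN suffix '$NewSuffix' is not registered in the forest. Add it first."
}

# 2. Snapshot every UPN already in use in this domain so duplicates can be detected
#    without building a per-user filter string. Other domains in the forest are not checked.
$taken = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
Get-ADUser -Filter "UserPrincipalName -like '*'" |
    ForEach-Object { [void]$taken.Add($_.UserPrincipalName) }

# 3. Select only accounts whose UPN ends with the old suffix, inside the chosen OU.
$users = Get-ADUser -Filter "UserPrincipalName -like '*@$OldSuffix'" -SearchBase $SearchBase

$results = foreach ($user in $users) {
    # Swap only the trailing suffix; -replace is case-insensitive and anchored with '$'.
    $pattern = '@' + [regex]::Escape($OldSuffix) + '$'
    $newUpn  = $user.UserPrincipalName -replace $pattern, "@$NewSuffix"

    if ($taken.Contains($newUpn)) {
        Write-Warning "Skipping $($user.SamAccountName): $newUpn is already in use"
        continue
    }

    # With $Commit = $false this only prints what would change.
    Set-ADUser -Identity $user -UserPrincipalName $newUpn -WhatIf:(-not $Commit)
    [void]$taken.Add($newUpn)

    [pscustomobject]@{
        SamAccountName = $user.SamAccountName
        OldUpn         = $user.UserPrincipalName
        NewUpn         = $newUpn
        Committed      = $Commit
    }
}

# 4. Keep the old/new mapping (planned or applied) so the change can be reviewed or reverted.
if ($results) { $results | Export-Csv -Path $LogPath -NoTypeInformation }
```

Review the dry-run output and the CSV, then set $Commit to $true and run it again to apply the change.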