Renan Antonio Rodrigues

How to add UPN suffixes in Active Directory

If you want to know how to add a second UPN suffix in your Active Directory environment and how to update all domain users to use it, this post shows how to do that in a very easy way.


The User Principal Name (UPN) suffix is part of the logon name in Active Directory. When you create a new account, it uses the DNS name of your AD domain by default.


For example, if your local domain name is contoso.local, your users will have a logon name like user@contoso.local.


At some point you may need to add a new UPN suffix to your forest. A good reason for that, for instance, is when you are implementing Office 365 in your company.


In short, to be able to synchronize your on-premises directory with Office 365, you need a verified domain in both Azure Active Directory and Office 365, which means that this domain must be a valid Internet domain.


How to do that?


1 - Log in to a Domain Controller with a domain administrator account;


2 - Open Active Directory Domains and Trusts;


3 - In the Active Directory Domains and Trusts management console, right-click Active Directory Domains and Trusts in the left pane and select Properties from the menu.



4 - In the dialog box on the UPN Suffixes tab, type the name of the suffix that you would like to add to your AD forest in the Alternate UPN suffixes box.

5 - Click Add and then OK.


6 - The new UPN suffix is now set on your forest, and you can choose which UPN suffix you want to use for your users.


7 - Alternatively, if you have too many users to change by hand, consider using PowerShell:


Run the following Windows PowerShell commands to update all contoso.local suffixes to contoso.com:

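Import-Module ActiveDirectory
# Match only accounts whose UPN ends in exactly @contoso.local, then swap that suffix for @contoso.com
$LocalUsers = Get-ADUser -Filter "UserPrincipalName -like '*@contoso.local'" -Properties UserPrincipalName -ResultSetSize $null
$LocalUsers | ForEach-Object { $newUpn = $_.UserPrincipalName -replace '@contoso\.local$', '@contoso.com'; $_ | Set-ADUser -UserPrincipalName $newUpn }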
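
The same procedure as a guarded script, added here as an example and not part of the original post: it registers the suffix on the forest (steps 2 to 5), saves the current UPNs for rollback, skips any rename that would duplicate an existing UPN, and only reports unless run with -Apply. The parameter names, the -Apply switch and the backup file path are assumptions made for this example.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not the original author's code). Defaults reuse the post's domain names.
param(
    [string]$OldSuffix = 'contoso.local',
    [string]$NewSuffix = 'contoso.com',
    [string]$BackupCsv = '.\upn-backup.csv',  # hypothetical path for the rollback file
    [switch]$Apply                             # assumption: without -Apply nothing is changed
)

# Steps 2-5 without the GUI: add the suffix at forest level if it is not there yet.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $NewSuffix } -WhatIf:(-not $Apply)
}

# Anchor the match on '@' so only the exact suffix is selected (not e.g. corp.contoso.local).
$users = Get-ADUser -Filter "UserPrincipalName -like '*@$OldSuffix'" `
    -Properties UserPrincipalName -ResultSetSize $null

# Save the current values first so the change can be audited and reverted.
$users | Select-Object SamAccountName, DistinguishedName, UserPrincipalName |
    Export-Csv -Path $BackupCsv -NoTypeInformation -Encoding UTF8

foreach ($user in $users) {
    $oldUpn = $user.UserPrincipalName
    $newUpn = $oldUpn.Substring(0, $oldUpn.LastIndexOf('@')) + '@' + $NewSuffix

    # UPNs must be unique. This lookup covers the current domain only; in a
    # multi-domain forest, point -Server at a global catalog instead.
    $escaped = $newUpn.Replace("'", "''")      # quotes in names such as o'brien
    $clash = Get-ADUser -Filter "UserPrincipalName -eq '$escaped'"
    if ($clash) {
        Write-Warning "Skipping $($user.SamAccountName): $newUpn is already in use"
        continue
    }

    # -WhatIf prints the intended change instead of writing it unless -Apply was given.
    Set-ADUser -Identity $user -UserPrincipalName $newUpn -WhatIf:(-not $Apply)
}
```

Review the -WhatIf output and the CSV before running again with -Apply, since the UPN is the name users sign in with once the directory is synchronized.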

References:

https://support.office.com/en-us/article/how-to-prepare-a-non-routable-domain-such-as-local-domain-for-directory-synchronization-e7968303-c234-46c4-b8b0-b5c93c6d57a7


For any doubts or suggestions, please leave a comment below.
