Change UPN of Domain Users in Active Directory

A UPN (User Principal Name) is the name of an AD user in an email address format. Domain users use it to log in to their domain-joined computers with their domain user account. A UPN consists of the Active Directory username, followed by the “@” symbol and the name of the domain the user is associated with, for example Bipin@mustbegeek.com. This UPN is based on the Internet RFC 822 standard. Most organizations require the use of multiple UPN suffixes (the domain name part, to the right of the “@” symbol) for their convenience. At some point you might want to change the UPN suffixes of some or all users in the Active Directory forest. In this article we will explore how to change the UPN of domain users in Active Directory using different methods.

Add Alternative UPN Suffixes using Active Directory Domains and Trusts

Before you can change the UPN suffix, you must first add an alternate UPN suffix. This makes the new UPN suffix appear in the drop-down menu of the user properties when creating or editing a user account in Active Directory. You can do this using the Active Directory Domains and Trusts snap-in. Open the Active Directory Domains and Trusts snap-in from Administrative Tools → right-click the console root Active Directory Domains and Trusts → click Properties as shown below.

Change UPN of Domain Users in Active Directory

This will open the Active Directory Domains and Trusts Properties. Here, type the required alternate UPN suffix in the Alternative UPN Suffixes field → click Add → and then click OK to save and close the Properties window. I am adding “MustBeGeek.com” as an alternate UPN suffix for my domain as shown below.

Active Directory Domains and Trusts

Once you have added the Alternate UPN Suffix in the Active Directory Domains and Trusts, you can now see the new domain in the drop down list of user properties under the logon name domain portion.

User Properties

Change UPN of Domain Users in Active Directory:

To change the UPN suffix of a given user, open Active Directory Users and Computers → locate and right-click the user account → click Properties → navigate to the Account tab → select the required UPN suffix and click OK as shown below.

User Properties 2

Although you can easily change the UPN suffix through Active Directory Users and Computers, in some cases you may have to change the default UPN suffix for multiple users. Doing this one user at a time is a very time-consuming task. However, you can bulk edit the UPN suffix in two ways. The first is by again using “Active Directory Users and Computers”, and the other is by using the PowerShell ActiveDirectory module.

You can change the UPN suffix for multiple users using “Active Directory Users and Computers”, but you will only be able to edit users under one OU at a time. To do this, browse through Active Directory, select all the users for which you have to change the UPN suffix, and click Properties as shown below.

All Users Right Click Properties

In the Properties of Multiple Items selected, navigate to the Account tab  → enable the check box for UPN Suffix  → Select the required UPN Suffix  → and then click OK to update the changes to all users as shown below.

Multiple Items

Change the UPN suffix through PowerShell using ActiveDirectory Module

Now let us see how to change the UPN suffix through PowerShell using the ActiveDirectory module. Before we begin, we must understand that Active Directory does not treat the UPN suffix as a separate entity or attribute; it is part of the UPN attribute. This means that you cannot modify just the UPN suffix; you must update the whole UPN attribute. The problem is that the UPN attribute contains “UserName” + “@” + “Old_UPN_Suffix”, so you have to temporarily hold the username and then update it with the new UPN suffix. Let us see how we can do this.

First, import the Active Directory module:

Import-Module ActiveDirectory

Add a few variables:

$OldUPNSuffix="mustbegeek.local"
$NewUPNSuffix="mustbegeek.com"
$server="MBG-DC01"
$DN="OU=TEst,OU=Management,OU=MBG-Users,DC=mustbegeek,DC=local"

Get the AD users from the OU

Get-ADuser -SearchBase $DN -Filter *

Pipe the output of the above command to a ForEach loop to change the UPN suffix of each user under the OU.

Get-ADUser -SearchBase $DN -Filter * | ForEach-Object {
    $NewUPN = $null
    $NewUPN = $_.UserPrincipalName.Replace($OldUPNSuffix, $NewUPNSuffix)
    $_ | Set-ADUser -Server $server -UserPrincipalName $NewUPN
}

All put together:

Import-Module ActiveDirectory
# Variables - change these as necessary
$OldUPNSuffix = "mustbegeek.local"
$NewUPNSuffix = "mustbegeek.com"
$server = "MBG-DC01"
# Distinguished name of the OU
$DN = "OU=TEst,OU=Management,OU=MBG-Users,DC=mustbegeek,DC=local"
# Process: rebuild each user's UPN with the new suffix and write it back
Get-ADUser -SearchBase $DN -Filter * | ForEach-Object {
    $NewUPN = $null
    $NewUPN = $_.UserPrincipalName.Replace($OldUPNSuffix, $NewUPNSuffix)
    $_ | Set-ADUser -Server $server -UserPrincipalName $NewUPN
}
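A suffix-anchored variant of the bulk change with a dry run, added here as an example and not part of the original article. `Get-NewUpn` and the `upn-changes.csv` file name are hypothetical and the sample UPNs are constructed; the helper rewrites a UPN only when the whole part after the last “@” equals the old suffix (ignoring case), which a plain `String.Replace()` on the full value does not guarantee, and it skips accounts that have no UPN.

```powershell
# Added example, not the article's own script. Get-NewUpn is a hypothetical helper.
function Get-NewUpn {
    param(
        [string]$Upn,
        [Parameter(Mandatory)][string]$OldSuffix,
        [Parameter(Mandatory)][string]$NewSuffix
    )
    if ([string]::IsNullOrWhiteSpace($Upn)) { return $null }   # account has no UPN
    $at = $Upn.LastIndexOf('@')
    if ($at -lt 1) { return $null }                            # not in name@suffix form
    # Compare only the part after the last "@", ignoring case
    if ($Upn.Substring($at + 1) -ine $OldSuffix) { return $null }
    return '{0}@{1}' -f $Upn.Substring(0, $at), $NewSuffix
}

# Values from the article
$OldUPNSuffix = 'mustbegeek.local'
$NewUPNSuffix = 'mustbegeek.com'
$server       = 'MBG-DC01'
$DN           = 'OU=TEst,OU=Management,OU=MBG-Users,DC=mustbegeek,DC=local'

# Constructed sample UPNs: the helper can be checked without touching the directory
$samples = 'Bipin@mustbegeek.local', 'Asha@MustBeGeek.LOCAL',
           'mustbegeek.local.svc@mustbegeek.local', 'Ravi@mustbegeek.com', ''
foreach ($s in $samples) {
    '{0,-40} -> {1}' -f $s, (Get-NewUpn -Upn $s -OldSuffix $OldUPNSuffix -NewSuffix $NewUPNSuffix)
}

# Directory pass: build the change list first and keep it for review and rollback
Import-Module ActiveDirectory
$changes = @(Get-ADUser -SearchBase $DN -Filter * -Server $server | ForEach-Object {
    $new = Get-NewUpn -Upn $_.UserPrincipalName -OldSuffix $OldUPNSuffix -NewSuffix $NewUPNSuffix
    if ($new) {
        [pscustomobject]@{
            DistinguishedName = $_.DistinguishedName
            OldUPN            = $_.UserPrincipalName
            NewUPN            = $new
        }
    }
})
$changes | Export-Csv -Path .\upn-changes.csv -NoTypeInformation   # hypothetical file name

# -WhatIf only reports what would change; remove it after reviewing the CSV
foreach ($c in $changes) {
    Set-ADUser -Identity $c.DistinguishedName -Server $server -UserPrincipalName $c.NewUPN -WhatIf
}
```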

In this way you can change UPN of domain users in Active Directory.

Bipin is a freelance Network and System Engineer with expertise on Cisco, Juniper, Microsoft, VMware, and other technologies. You can hire him on UpWork . Follow Bipin Giri on Google+. Bipin enjoys writing articles and tutorials related to Network technologies. Some of his certifications are, MCSE:Messaging, JNCIP-SEC, JNCIS-ENT, and others.