
How to change the UPN (User Principal Name) suffix for an entire domain?

In an organization, the company may need to use multiple UPN suffixes for its operations. I wrote an article before explaining how to add multiple UPN suffixes to the domain. You can read it at http://www.rebeladmin.com/2015/01/how-to-configure-multiple-user-principal-name-upn-suffixes/

There are situations where you will need to do a mass UPN suffix change. One of the recent challenges I faced was changing a domain name suffix which ends with .local to a public domain name which ends with .com, because I was working on Azure AD integration with local AD. It only supports public domain names. In my case it was only a few users since it was a demo, but what happens if you need to change it for hundreds of users? If you use the manual method, it will take ages to complete.

In the following demo I am going to show how it can be done using a PowerShell script.

In AD I have 3 users under “Test OU” called user1 to user3. All 3 are using canitpro.local as the UPN suffix.


I need to change all users to the UPN suffix “rebeladmin.com”.

To do that, open PowerShell ISE with appropriate admin permissions.


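Then type the following and press Enter:

Import-Module ActiveDirectory
$oldSuffix = "canitpro.local"
$newSuffix = "rebeladmin.com"
$ou = "DC=canitpro,DC=local"
$server = "DCM1"
# Select only users whose UPN ends with the old suffix (skips accounts with no UPN)
Get-ADUser -Server $server -SearchBase $ou -Filter "UserPrincipalName -like '*@$oldSuffix'" | ForEach-Object {
    # Replace only the suffix after the @ sign; -replace is case-insensitive
    $newUpn = $_.UserPrincipalName -replace ("@" + [regex]::Escape($oldSuffix) + "$"), "@$newSuffix"
    $_ | Set-ADUser -Server $server -UserPrincipalName $newUpn
}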

In the above, $oldSuffix represents the old domain UPN suffix. $newSuffix represents the new UPN suffix it should change to. $ou represents the search path. You can use a specific OU or the entire domain. I used the entire domain for the demo. $server represents the DC server name.


Now, let’s go and check if it has changed. As we can see, it has changed to the new suffix.
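Before running a change like this against hundreds of accounts, it helps to preview it first. The following is an added example, not part of the original script: it reuses the demo's values, checks that the new suffix is registered in the forest, saves the current UPNs for rollback, flags UPN collisions and previews the change with -WhatIf. The CSV path is an assumption.

```powershell
Import-Module ActiveDirectory

# Values from the article's demo; the CSV path is an assumed location.
$oldSuffix = "canitpro.local"
$newSuffix = "rebeladmin.com"
$ou        = "DC=canitpro,DC=local"
$server    = "DCM1"
$backupCsv = "C:\Temp\upn-backup.csv"   # assumed path, adjust as needed

# 1. Confirm the new suffix is registered as an alternative UPN suffix.
$registered = (Get-ADForest -Server $server).UPNSuffixes
if ($registered -notcontains $newSuffix) {
    throw "UPN suffix '$newSuffix' is not registered in the forest."
}

# 2. Collect only the users that still carry the old suffix.
$users = @(Get-ADUser -Server $server -SearchBase $ou `
    -Filter "UserPrincipalName -like '*@$oldSuffix'")

# 3. Save the current UPNs so the change can be reverted.
$users | Select-Object SamAccountName, DistinguishedName, UserPrincipalName |
    Export-Csv -Path $backupCsv -NoTypeInformation

# 4. Work out each new UPN and flag any that is already taken.
$pattern = "@" + [regex]::Escape($oldSuffix) + "$"
$plan = foreach ($u in $users) {
    $newUpn = $u.UserPrincipalName -replace $pattern, "@$newSuffix"
    $clash  = Get-ADUser -Server $server -Filter "UserPrincipalName -eq '$newUpn'"
    [pscustomobject]@{
        User     = $u
        NewUpn   = $newUpn
        Conflict = [bool]$clash
    }
}

# 5. Report conflicts, then preview the remaining changes with -WhatIf.
$plan | Where-Object Conflict | ForEach-Object {
    Write-Warning "Skipping $($_.User.SamAccountName): $($_.NewUpn) already exists"
}
$plan | Where-Object { -not $_.Conflict } | ForEach-Object {
    Set-ADUser -Identity $_.User -Server $server -UserPrincipalName $_.NewUpn -WhatIf
}
```

Remove -WhatIf from the last command once the preview output matches what you expect.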


If you have any questions about the post, feel free to contact me at rebeladm@live.com
