A UPN is the name of a AD user in an email address format. It is used by domain-joined users to login to their domain-joined computer using their domain user account. UPN is Active Directory username with preceding suffixes of the “@” symbol and followed by name of the domain which the user is associated with, for example. Bipin@mustbegeek.com. This UPN is based on the Internet RFC 822 standard. Most of the organization require using of multiple UPN Suffixes (The domain name part, right side of the “@” symbol) for their convenience. At some point you might want to change the UPN suffixes of some or all users in the Active Directory Forest. In this article we will explore how to change UPN of Domain users in Active Directory using different methods.
Add Alternative UPN Suffixes using Active Directory Domains and Trusts
The first thing is before you could change the UPN suffix you must add an alternate UPN suffix. This will show the new UPN suffix in drop down menu of the user properties while creating or editing a user account in Active Directory. You can do this using the Active Directory Domains and Trusts snap-in. Open Active Directory Domains and Trusts snap-in from Administrative Tools → Right click on the console root Active Directory Domains and Trusts → Click Properties as shown below.
This will open the Active Directory Domains and Trusts Properties, here type in the required alternate UPN suffix in the Alternative UPN Suffixes: Field → Click ADD → and then click OK to save and close the Properties window. I am adding “MustBeGeek.com” as a alternate UPN Suffix for my domain as shown below.
Once you have added the Alternate UPN Suffix in the Active Directory Domains and Trusts, you can now see the new domain in the drop down list of user properties under the logon name domain portion.
Change UPN of Domain Users in Active Directory:
To change the UPN Suffix of a given user, open Active Directory Users and Computers → Locate and Right click on the user account →. Click on Properties → navigate to the Account tab → select the required UPN Suffix and click OK as shown below
Although you can easily change the UPN suffix through Active Directory. Users and Computer, in some case you may have to change the default. UPN suffix to multiple of users. In this case its practically very time consuming task. However, you can bulk edit the UPN suffix in two ways. First one is by again using the “Active Directory Users and Computer” and the other method is by using. PowerShell ActiveDirectory Module. To change. UPN Suffix for multiple users using “Active Directory Users and Computer” but you will be able to edit users under one OU at time. To do this browse through the Active Directory and select all the users for which you have the change the. UPN Suffix and click Properties as shown below.
In the Properties of Multiple Items selected, navigate to the Account tab → enable the check box for UPN Suffix → Select the required UPN Suffix → and then click OK to update the changes to all users as shown below.
Change the UPN suffix through PowerShell using ActiveDirectory Module
Now, let us see how we can change the UPN suffix through PowerShell using ActiveDirectory Module. Before we begin we must understand that in ActiveDirectory the UPN suffix is not treated as seperate entity or attribute, rather it is a part of UPN Attribute. This means that you cannot modify just the UPN Suffix, you must update the whole UPN attribute. The problem is, UPN attribute contains the “UserName” + “@” + “Old_UPN_Suffix”, here you have to temporarily hold the Username and then update it with new UPN Suffix. Let us see how we can do this.
First we have to Import Active Directory Module
Import-Module ActiveDirectory
Add few variables
$OldUPNSuffix="mustbegeek.local" $NewUPNSuffix="mustbegeek.com" $server="MBG-DC01" $DN="OU=TEst,OU=Management,OU=MBG-Users,DC=mustbegeek,DC=local"
Get the AD users from the OU
Get-ADuser -SearchBase $DN -Filter *
Pipe the output of the above command to a. ForEach loop to initiate changing UPN suffix on each user under the OU.
Get-ADuser -SearchBase $DN -Filter * | Foreach-Object { $NewUPN=$null $NewUPN= $_.UserPrincipalName.Replace($OldUPNSuffix, $NewUPNSuffix) $_|Set-ADuser -server $server -UserPrincipalName $NewUPN }
All Put together:
Import-Module ActiveDirectory #Variables - Change these as nessessary $OldUPNSuffix="mustbegeek.local" $NewUPNSuffix="mustbegeek.com" $server="MBG-DC01" #Distnguished Name of the OU $DN="OU=TEst,OU=Management,OU=MBG-Users,DC=mustbegeek,DC=local" #Process Get-ADuser -SearchBase $DN -Filter * | Foreach-Object { $NewUPN=$null $NewUPN= $_.UserPrincipalName.Replace($OldUPNSuffix, $NewUPNSuffix) $_|Set-ADuser -server $server -UserPrincipalName $NewUPN }
In this way you can change UPN of domain users in Active Directory.


Latest posts by Bipin (see all)
- Install Exchange 2019 in Windows Server 2019 - November 28, 2020
- Why Backup your Microsoft Office 365 - November 27, 2020
- What’s New in VMware vSphere 7 - September 18, 2020