Add UPN suffix in Active Directory

There are two ways to add an alternative UPN suffix to Active Directory (AD), one way is with the GUI, and the other is with PowerShell. In this article, you will learn how to add a UPN suffix in both ways. Also, you will know what a UPN suffix is and why you need to add a UPN suffix.

Table of contents

What is a UPN suffix

The User Principal Name (UPN) suffix is part of the logon name in AD. When you create a new account, it will use the DNS name of your AD domain by default. For example, your local domain name is alitajran.local, and you want to create a new user. The user that you want to create is John Doe. The standard in the organization for creating new users is first.lastname. The logon name will be john.doe@alitajran.local. What if you want it to be john.doe@alitajran.com?

Why do you need a UPN suffix

Some examples of why you need to add an alternative UPN suffix:

  • Implementing Office 365 in the organization
  • The internal domain is a domain.local and you want users to sign in with domain.com domain
  • New software that requires the users UPN to match the user’s email address

Add UPN in Active Directory with GUI

The following steps will add an alternative UPN suffix in AD with GUI.

Click Start and search for Active Directory Domains and Trusts, and click on it. You can also press Windows key + R to open the Run dialog, and then type in domain.msc, and then choose OK.

On the Active Directory Domains and Trusts window, right-click Active Directory Domains and Trusts, and then choose Properties.

Change users upn with powershell properties

On the UPN Suffixes tab, in the Alternative UPN Suffixes box, type your new UPN suffix, and then choose Add. Click OK.

Change users upn with powershell add UPN suffix

The alternative UPN suffix is added successfully.

Add UPN in Active Directory with PowerShell

The following steps will add an alternative UPN suffix in AD with PowerShell.

Run PowerShell as administrator. Get a list of the UPN suffixes.

PS C:\> Get-ADForest | Format-List UPNSuffixes

UPNSuffixes : {}

It’s not showing any UPN suffixes, which means it’s empty. So we will run the Set-ADforest cmdlet to add the UPN suffix. Let’s add the UPN suffix www.alitajran.com.

PS C:\> Get-ADForest | Set-ADForest -UPNSuffixes @{add="www.alitajran.com"}

Confirm that the UPN suffix is added successfully.

PS C:\> Get-ADForest | Format-List UPNSuffixes

UPNSuffixes : {www.alitajran.com}

That’s it!

Read more: Change Users UPN automatically with scheduled task »

Conclusion

You learned what a UPN suffix is. You also learned, why you need a UPN suffix and how to add a UPN suffix in Active Directory. A UPN suffix or suffixes can be added with the GUI or with PowerShell. Microsoft did write an excellent document about the Set-ADforest cmdlet.

Did you enjoy this article? You may also like Change Users UPN with PowerShell. Don’t forget to follow us and share this article.

ALI TAJRAN

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

X TwitterLinkedIn

What Others Are Reading

This Post Has 0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *