Change Users UPN with PowerShell
You want to synchronize your on-premises users with Office 365. Before you do that, ensure you configure the UPN of the Users in Active Directory (AD). In this article, you will learn how to add a UPN suffix and how to change the AD Users UPN with PowerShell.
Information
Any UPN that contains a non-routable domain, for example, john.doe@local, will be synchronized to a .onmicrosoft.com domain, like john.doe@exoip.onmicrosoft.com. That is not how it should be.
If you currently use a .local domain for your user accounts in Active Directory, it’s recommended that you change them to use a verified domain, for example, john.doe@exoip.com, so that they sync properly with your Office 365 domain.
Add UPN in AD
The first step is to add the UPN suffix in Active Directory.
- Click Start and search for Active Directory Domains and Trusts, and click on it.
You can also press Windows key + R to open the Run dialog, type in domain.msc, and then choose OK.
- On the Active Directory Domains and Trusts window, right-click Active Directory Domains and Trusts, and then choose Properties.
- On the UPN Suffixes tab, in the Alternative UPN Suffixes box, type your new UPN suffix, and then choose Add. Click OK when finished.
The UPN is added successfully.
Add UPN in AD with PowerShell
We can add the UPN suffix in AD with PowerShell.
Run PowerShell as administrator. Get a list of the UPN suffixes.
PS C:\> Get-ADForest | Format-List UPNSuffixes
UPNSuffixes : {}
It’s not showing any UPN suffixes. This means that it’s empty. Let’s add the UPN suffix.
PS C:\> Get-ADForest | Set-ADForest -UPNSuffixes @{add="exoip.com"}
Confirm that the UPN suffix is added successfully.
PS C:\> Get-ADForest | Format-List UPNSuffixes
UPNSuffixes : {exoip.com}
Change UPN for all AD Users
Now that we have set the UPN suffix in AD, we want to change the UPN for all the users in AD.
Let’s first start by getting a list of all the AD Users in the organization.
PS C:\> Get-ADUser -Filter * | Sort-Object Name | Format-Table Name, UserPrincipalName
Name UserPrincipalName
---- -----------------
Administrator administrator@exoip.local
Amanda Morgan Amanda.Morgan@exoip.local
Amelia Nash Amelia.Nash@exoip.local
Change the UPN for all the AD users in the organization. Run the commands one by one.
PS C:\> $LocalUsers = Get-ADUser -Filter {UserPrincipalName -like '*exoip.local'} -Properties UserPrincipalName -ResultSetSize $null
PS C:\> $LocalUsers | foreach {$newUpn = $_.UserPrincipalName.Replace("exoip.local","exoip.com"); $_ | Set-ADUser -UserPrincipalName $newUpn}
Confirm that the UPN is changed by running the Get-ADUser cmdlet.
PS C:\> Get-ADUser -Filter * | Sort-Object Name | Format-Table Name, UserPrincipalName
Name UserPrincipalName
---- -----------------
Administrator administrator@exoip.com
Amanda Morgan Amanda.Morgan@exoip.com
Amelia Nash Amelia.Nash@exoip.com
The UPN is successfully changed for all the users in the organization. If you want to change the UPN back to exoip.local, swap the two suffixes in the previous commands.
You may have a long list of users and want to verify that no .local UPNs remain in AD. Get a list of all users with a .local UPN suffix. The output should be empty.
PS C:\> Get-ADUser -Filter {UserPrincipalName -like '*.local'} | Sort-Object Name | Format-Table Name, UserPrincipalName
Change UPN for AD Users in a specific OU
You don’t have to change the UPN for all the users. It’s possible to change the UPN for a specific OU. Read more on how to get OUs with PowerShell.
Let’s first start by getting a list of the AD Users in a specific OU. We have an OU named Finance.
PS C:\> Get-ADUser -Filter * -SearchBase "OU=Finance,OU=Users,OU=Company,DC=exoip,DC=local" | Format-Table Name, UserPrincipalName
Name UserPrincipalName
---- -----------------
Madeleine Fisher Madeleine.Fisher@exoip.local
Sebastian Nolan Sebastian.Nolan@exoip.local
Irene Springer Irene.Springer@exoip.local
Amelia Nash Amelia.Nash@exoip.local
Jasmina Wilson Jasmina.Wilson@exoip.local
Change the UPN for the AD users in the Finance OU. Run the commands one by one.
PS C:\> $LocalUsers = Get-ADUser -Filter {UserPrincipalName -like '*exoip.local'} -SearchBase "OU=Finance,OU=Users,OU=Company,DC=exoip,DC=local" -Properties UserPrincipalName -ResultSetSize $null
PS C:\> $LocalUsers | foreach {$newUpn = $_.UserPrincipalName.Replace("exoip.local","exoip.com"); $_ | Set-ADUser -UserPrincipalName $newUpn}
Confirm that the UPN is changed by running the Get-ADUser cmdlet.
PS C:\> Get-ADUser -Filter * -SearchBase "OU=Finance,OU=Users,OU=Company,DC=exoip,DC=local" | Format-Table Name, UserPrincipalName
Name UserPrincipalName
---- -----------------
Madeleine Fisher Madeleine.Fisher@exoip.com
Sebastian Nolan Sebastian.Nolan@exoip.com
Irene Springer Irene.Springer@exoip.com
Amelia Nash Amelia.Nash@exoip.com
Jasmina Wilson Jasmina.Wilson@exoip.com
The UPN is successfully changed for the Finance users. If you want to change the UPN back to exoip.local, swap the two suffixes in the previous commands.
You may have a long list of users and want to verify that no .local UPNs remain in the AD OU. Get a list of all users with a .local UPN suffix. The output should be empty.
PS C:\> Get-ADUser -Filter {UserPrincipalName -like '*.local'} -SearchBase "OU=Finance,OU=Users,OU=Company,DC=exoip,DC=local" | Sort-Object Name | Format-Table Name, UserPrincipalName
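The bulk change for all users and the change for a single OU can both be done with one guarded function. The following is an added example, not code from the original article: Set-UpnSuffix, its parameters and the backup file name are hypothetical, and it assumes the ActiveDirectory module and the article's exoip.local / exoip.com values. It checks that the new suffix is known to the forest, saves the current UPNs to a CSV, replaces only the suffix after the @, skips accounts whose new UPN is already taken in the domain, and supports -WhatIf.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Set-UpnSuffix and its parameters are hypothetical names, not from the article.
function Set-UpnSuffix {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$OldSuffix,   # e.g. exoip.local
        [Parameter(Mandatory)][string]$NewSuffix,   # e.g. exoip.com
        [string]$SearchBase = (Get-ADDomain).DistinguishedName,
        [string]$BackupPath = ".\upn-backup-$(Get-Date -Format 'yyyyMMdd-HHmmss').csv"
    )

    # Refuse a suffix the forest does not know: not a domain name and not an alternative UPN suffix.
    $forest = Get-ADForest
    if ($NewSuffix -notin (@($forest.UPNSuffixes) + @($forest.Domains))) {
        throw "UPN suffix '$NewSuffix' is not registered in forest $($forest.Name)."
    }

    # The AD module resolves simple variables inside a quoted filter string.
    $like  = "*@$OldSuffix"
    $users = @(Get-ADUser -Filter 'UserPrincipalName -like $like' -SearchBase $SearchBase -Properties UserPrincipalName)

    # Record the current values before touching anything, also on a -WhatIf run.
    $users | Select-Object SamAccountName, DistinguishedName, UserPrincipalName |
        Export-Csv -Path $BackupPath -NoTypeInformation -Encoding UTF8 -WhatIf:$false

    # Match only the suffix after the @, at the end of the value; -replace ignores case.
    $pattern = '@' + [regex]::Escape($OldSuffix) + '$'
    foreach ($user in $users) {
        $newUpn = $user.UserPrincipalName -replace $pattern, "@$NewSuffix"

        # Skip when another account in this domain already holds the new UPN.
        $clash = Get-ADUser -Filter 'UserPrincipalName -eq $newUpn' |
            Where-Object DistinguishedName -ne $user.DistinguishedName
        if ($clash) {
            Write-Warning "Skipped $($user.SamAccountName): $newUpn is already in use."
            continue
        }
        if ($PSCmdlet.ShouldProcess($user.DistinguishedName, "Set UPN to $newUpn")) {
            Set-ADUser -Identity $user -UserPrincipalName $newUpn
        }
    }
}

# Dry run against the Finance OU from the article; remove -WhatIf to apply.
Set-UpnSuffix -OldSuffix 'exoip.local' -NewSuffix 'exoip.com' -WhatIf `
    -SearchBase 'OU=Finance,OU=Users,OU=Company,DC=exoip,DC=local'
```

Omit -SearchBase to cover the whole domain. The CSV keeps each account's previous UPN, so individual accounts can be restored from it.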
That’s it!
Now that the UPN is changed for the users, what if you want to change it automatically? Read more on how to Change Users UPN automatically with scheduled task.
In the next step, we will look at Microsoft IdFix – Directory synchronization error remediation tool.
Conclusion
You learned how to change Users UPN with PowerShell. Change all the users in Active Directory or only a selected OU. Remember to verify your work when done.
Hi Ali
Just sending my eternal gratitude for your countless articles which are straight to the point and excellently written.
Lots of great stuff in there!
How do you use the ‘Set-Aduser’ -????????? ‘SamAccountName’ to set the OfficePhone?
or ‘Set-Aduser’ -????????? ‘UserPrincipalName’ -OfficePhone (555) 677-1212 ?
When I ran this it changes the logon name.
So I want to change user john.doe@domain.net in OU “ou=temp,ou=users,ou=Berlin,dc=domain,dc=net” to john.doe@domain.com. He is one user among many, and the rest have the correct UPN.
I edited your example to:
$LocalUsers = Get-ADUser -Filter {UserPrincipalName -like '*domain.net'} -SearchBase "ou=temp,ou=users,ou=Berlin,dc=domain,dc=net" -Properties UserPrincipalName -ResultSetSize $null
Doing a $LocalUsers | ft name,userPrincipalName returns the correct result – just user John Doe
I then run:
$LocalUsers | foreach {$newUpn = $_.UserPrincipalName.Replace("domain.net","domain.com"); $_ | Set-ADUser -UserPrincipalName $newUpn}
It changes his full UPN to domain.net@domain.com instead of john.doe@domain.com as expected. Did I go wrong somewhere?
The commands look good. I also did a double-check in my environment, and it works. Maybe something went wrong when copying the command.
I did end up just recopying everything over and replacing the variables with my details and it worked. I forgot to come back and update my comment.
The funny thing was that when I looked at them side-by-side (the one which didn’t work vs. the one which did work) they looked identical. So PowerShell was pitching a fit for no reason, it seems.
At any rate, thank you for posting these commands and taking time to reply. This has made my life a lot easier.
Thanks, this was very helpful. I converted it into adjusting UPN to multiple users for my needs.
Much obliged.
If I just want to change the UPN from xxxA@domain.com to xxxB@domain.com for all users, without changing the UPN suffix, is there a command?
Excellent article, clean, clear and well explained. May you keep reaping more positive comments.