skip to Main Content

Change Users UPN with PowerShell

You want to synchronize your on-premises users, for example with Office 365. Before you do that, make sure that you configure the UPN of the Users in Active Directory (AD). In this article, you will learn how to add a UPN suffix and how to change the UPN of the AD Users with PowerShell.

Information

Any UPN that contains a non-routable domain, for example, john.doe@local, will be synchronized to a .onmicrosoft.com domain, like john.doe@exoip.onmicrosoft.com. That is not how it should. If you currently use a .local domain for your user accounts in Active Directory, it’s recommended that you change them to use a verified domain. For example, john.doe@exoip.com, to properly sync with your Office 365 domain. That’s how it should.

Add UPN in AD

The first step is to add the UPN suffix in Active Directory.

Click Start and search for Active Directory Domains and Trusts, and click on it. You can also press Windows key + R to open the Run dialog, type in domain.msc, and then choose OK.

Change users upn with powershell active directory domains and trusts

On the Active Directory Domains and Trusts window, right-click Active Directory Domains and Trusts, and then choose Properties.

Change users upn with powershell properties

On the UPN Suffixes tab, in the Alternative UPN Suffixes box, type your new UPN suffix, and then choose Add. Click OK when finished.

Change users upn with powershell add UPN suffix

The UPN is added successfully.

Add UPN in AD with PowerShell

We can add the UPN suffix in AD with PowerShell.

Run PowerShell as administrator. Get a list of the UPN suffixes.

PS C:\> Get-ADForest | Format-List UPNSuffixes

UPNSuffixes : {}

It’s not showing any UPN suffixes. This means that it’s empty. Let’s add the UPN suffix.

PS C:\> Get-ADForest | Set-ADForest -UPNSuffixes @{add="exoip.com"}

Confirm that the UPN suffix is added successfully.

PS C:\> Get-ADForest | Format-List UPNSuffixes

UPNSuffixes : {exoip.com}

Change UPN for all AD Users

Now that we have set the UPN suffix in AD, we like to change the UPN for all the users in AD.

Let’s first start by getting a list of all the AD Users in the organization.

PS C:\> Get-ADUser -Filter * | Sort-Object Name | Format-Table Name, UserPrincipalName

Name          UserPrincipalName
----          -----------------
Administrator administrator@exoip.local
Amanda Morgan Amanda.Morgan@exoip.local
Amelia Nash   Amelia.Nash@exoip.local

Change the UPN for all the AD users in the organization. Run the commands one by one.

PS C:\> $LocalUsers = Get-ADUser -Filter {UserPrincipalName -like '*exoip.local'} -Properties UserPrincipalName -ResultSetSize $null
PS C:\> $LocalUsers | foreach {$newUpn = $_.UserPrincipalName.Replace("exoip.local","exoip.com"); $_ | Set-ADUser -UserPrincipalName $newUpn}

Confirm that the UPN is changed by running the Get-ADUser cmdlet.

PS C:\> Get-ADUser -Filter * | Sort-Object Name | Format-Table Name, UserPrincipalName

Name          UserPrincipalName
----          -----------------
Administrator administrator@exoip.com
Amanda Morgan Amanda.Morgan@exoip.com
Amelia Nash   Amelia.Nash@exoip.com

The UPN is successfully changed for all the users in the organization. Suppose you like to change the UPN back to exoip.local, change the UPN in previous commands.

You may have a long list of users, and you want to verify if there are no .local addresses in the AD. Get a list of all users with .local UPN suffix. The output should be empty.

PS C:\> Get-ADUser -Filter {UserPrincipalName -like '*local'} | Sort-Object Name | Format-Table Name, UserPrincipalName

Change UPN for AD Users in a specific OU

You don’t have to change the UPN for all the users. It’s possible to change the UPN for a specific OU. Read more on how to get OUs with PowerShell.

Let’s first start by getting a list of the AD Users in a specific OU. We have an OU named Finance.

PS C:\> Get-ADUser -Filter * -SearchBase "OU=Finance,OU=Users,OU=Company,DC=exoip,DC=local" | Format-Table Name, UserPrincipalName

Name             UserPrincipalName
----             -----------------
Madeleine Fisher Madeleine.Fisher@exoip.local
Sebastian Nolan  Sebastian.Nolan@exoip.local
Irene Springer   Irene.Springer@exoip.local
Amelia Nash      Amelia.Nash@exoip.local
Jasmina Wilson   Jasmina.Wilson@exoip.local

Change the UPN for the AD users in the Finance OU. Run the commands one by one.

PS C:\> $LocalUsers = Get-ADUser -Filter {UserPrincipalName -like '*exoip.local'} -SearchBase "OU=Finance,OU=Users,OU=Company,DC=exoip,DC=local" -Properties UserPrincipalName -ResultSetSize $null
PS C:\> $LocalUsers | foreach {$newUpn = $_.UserPrincipalName.Replace("exoip.local","exoip.com"); $_ | Set-ADUser -UserPrincipalName $newUpn}

Confirm that the UPN is changed by running the Get-ADUser cmdlet.

PS C:\> Get-ADUser -Filter * -SearchBase "OU=Finance,OU=Users,OU=Company,DC=exoip,DC=local" | Format-Table Name, UserPrincipalName

Name             UserPrincipalName
----             -----------------
Madeleine Fisher Madeleine.Fisher@exoip.com
Sebastian Nolan  Sebastian.Nolan@exoip.com
Irene Springer   Irene.Springer@exoip.com
Amelia Nash      Amelia.Nash@exoip.com
Jasmina Wilson   Jasmina.Wilson@exoip.com

The UPN is successfully changed for the Finance users. Suppose you like to change the UPN back to exoip.local, change the UPN in previous commands.

You may have a long list of users, and you want to verify if there are no .local addresses in the AD OU. Get a list of all users with .local UPN suffix. The output should be empty.

PS C:\> Get-ADUser -Filter {UserPrincipalName -like '*local'} -SearchBase "OU=Finance,OU=Users,OU=Company,DC=exoip,DC=local" | Sort-Object Name | Format-Table Name, UserPrincipalName

That’s it!

Now that the UPN is changed for the users, what if you want to change it automatically? Read more on how to Change Users UPN automatically with scheduled task.

In the next step, we will look at Microsoft IdFix – Directory synchronization error remediation tool.

Conclusion

In this article, you learned how to change Users UPN with PowerShell. Change all the users in Active Directory or only a selected OU. Verify your work when done.

Did you enjoy this article? If so, you may like the article Install Exchange Server 2016 step by step. Don’t forget to follow us and share this article.

ALI TAJRAN

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

This Post Has 3 Comments

  1. Thanks, this was very helpful. I converted it into adjusting UPN to multiple users for my needs.
    Much obliged.

  2. Excelente articulo, limpio, claro y bien explicado. Que sigas cosechando mas comentarios positivos.

Leave a Reply

Your email address will not be published. Required fields are marked *