Skip to content

Change Users UPN with PowerShell

You want to synchronize your on-premises users with Office 365. Before you do that, ensure you configure the UPN of the Users in Active Directory (AD). In this article, you will learn how to add a UPN suffix and how to change the AD Users UPN with PowerShell.

Information

Any UPN that contains a non-routable domain, for example, john.doe@local, will be synchronized to a .onmicrosoft.com domain, like john.doe@exoip.onmicrosoft.com. That is not how it should be.

If you currently use a .local domain for your user accounts in Active Directory, it’s recommended that you change them to use a verified domain. For example, john.doe@exoip.com, to properly sync with your Office 365 domain.

Add UPN in AD

The first step is to add the UPN suffix in Active Directory.

  1. Click Start and search for Active Directory Domains and Trusts, and click on it.

You can also press Windows key + R to open the Run dialog, type in domain.msc, and then choose OK.

Change users upn with powershell active directory domains and trusts
  1. On the Active Directory Domains and Trusts window, right-click Active Directory Domains and Trusts, and then choose Properties.
Change users upn with powershell properties
  1. On the UPN Suffixes tab, in the Alternative UPN Suffixes box, type your new UPN suffix, and then choose Add. Click OK when finished.
Change users upn with powershell add UPN suffix

The UPN is added successfully.

Add UPN in AD with PowerShell

We can add the UPN suffix in AD with PowerShell.

Run PowerShell as administrator. Get a list of the UPN suffixes.

PS C:\> Get-ADForest | Format-List UPNSuffixes

UPNSuffixes : {}

It’s not showing any UPN suffixes. This means that it’s empty. Let’s add the UPN suffix.

PS C:\> Get-ADForest | Set-ADForest -UPNSuffixes @{add="exoip.com"}

Confirm that the UPN suffix is added successfully.

PS C:\> Get-ADForest | Format-List UPNSuffixes

UPNSuffixes : {exoip.com}

Change UPN for all AD Users

Now that we have set the UPN suffix in AD, we like to change the UPN for all the users in AD.

Let’s first start by getting a list of all the AD Users in the organization.

PS C:\> Get-ADUser -Filter * | Sort-Object Name | Format-Table Name, UserPrincipalName

Name          UserPrincipalName
----          -----------------
Administrator administrator@exoip.local
Amanda Morgan Amanda.Morgan@exoip.local
Amelia Nash   Amelia.Nash@exoip.local

Change the UPN for all the AD users in the organization. Run the commands one by one.

PS C:\> $LocalUsers = Get-ADUser -Filter {UserPrincipalName -like '*exoip.local'} -Properties UserPrincipalName -ResultSetSize $null
PS C:\> $LocalUsers | foreach {$newUpn = $_.UserPrincipalName.Replace("exoip.local","exoip.com"); $_ | Set-ADUser -UserPrincipalName $newUpn}

Confirm that the UPN is changed by running the Get-ADUser cmdlet.

PS C:\> Get-ADUser -Filter * | Sort-Object Name | Format-Table Name, UserPrincipalName

Name          UserPrincipalName
----          -----------------
Administrator administrator@exoip.com
Amanda Morgan Amanda.Morgan@exoip.com
Amelia Nash   Amelia.Nash@exoip.com

The UPN is successfully changed for all the users in the organization. Suppose you like to change the UPN back to exoip.local, change the UPN in previous commands.

You may have a long list of users and want to verify if there are no .local addresses in the AD. Get a list of all users with .local UPN suffix. The output should be empty.

PS C:\> Get-ADUser -Filter {UserPrincipalName -like '*local'} | Sort-Object Name | Format-Table Name, UserPrincipalName

Change UPN for AD Users in a specific OU

You don’t have to change the UPN for all the users. It’s possible to change the UPN for a specific OU. Read more on how to get OUs with PowerShell.

Let’s first start by getting a list of the AD Users in a specific OU. We have an OU named Finance.

PS C:\> Get-ADUser -Filter * -SearchBase "OU=Finance,OU=Users,OU=Company,DC=exoip,DC=local" | Format-Table Name, UserPrincipalName

Name             UserPrincipalName
----             -----------------
Madeleine Fisher Madeleine.Fisher@exoip.local
Sebastian Nolan  Sebastian.Nolan@exoip.local
Irene Springer   Irene.Springer@exoip.local
Amelia Nash      Amelia.Nash@exoip.local
Jasmina Wilson   Jasmina.Wilson@exoip.local

Change the UPN for the AD users in the Finance OU. Run the commands one by one.

PS C:\> $LocalUsers = Get-ADUser -Filter {UserPrincipalName -like '*exoip.local'} -SearchBase "OU=Finance,OU=Users,OU=Company,DC=exoip,DC=local" -Properties UserPrincipalName -ResultSetSize $null
PS C:\> $LocalUsers | foreach {$newUpn = $_.UserPrincipalName.Replace("exoip.local","exoip.com"); $_ | Set-ADUser -UserPrincipalName $newUpn}

Confirm that the UPN is changed by running the Get-ADUser cmdlet.

PS C:\> Get-ADUser -Filter * -SearchBase "OU=Finance,OU=Users,OU=Company,DC=exoip,DC=local" | Format-Table Name, UserPrincipalName

Name             UserPrincipalName
----             -----------------
Madeleine Fisher Madeleine.Fisher@exoip.com
Sebastian Nolan  Sebastian.Nolan@exoip.com
Irene Springer   Irene.Springer@exoip.com
Amelia Nash      Amelia.Nash@exoip.com
Jasmina Wilson   Jasmina.Wilson@exoip.com

The UPN is successfully changed for the Finance users. Suppose you like to change the UPN back to exoip.local, change the UPN in previous commands.

You may have a long list of users, and you want to verify if there are no .local addresses in the AD OU. Get a list of all users with .local UPN suffix. The output should be empty.

PS C:\> Get-ADUser -Filter {UserPrincipalName -like '*local'} -SearchBase "OU=Finance,OU=Users,OU=Company,DC=exoip,DC=local" | Sort-Object Name | Format-Table Name, UserPrincipalName

That’s it!

Now that the UPN is changed for the users, what if you want to change it automatically? Read more on how to Change Users UPN automatically with scheduled task.

In the next step, we will look at Microsoft IdFix – Directory synchronization error remediation tool.

Conclusion

You learned how to change Users UPN with PowerShell. Change all the users in Active Directory or only a selected OU. Remember to verify your work when done.

Did you enjoy this article? You may also like Add users to group with PowerShell. Don’t forget to follow us and share this article.

ALI TAJRAN

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

This Post Has 8 Comments

  1. HI Ali

    Just sending my eternal gratitude for your countless articles which are straight to the point and excellently written.

    Lots of great stuff in there!

  2. How do you use the ‘Set-Aduser’ -????????? ‘SamAccountName’ to set the OfficePhone?
    or ‘Set-Aduser’ -????????? ‘UserPrincipalName’ -OfficePhone (555) 677-1212 ?

  3. When I ran this it changes the logon name.

    So I want to change user john.doe@domain.net in OU “ou=temp,ou=users,ou=Berlin,dc=domain,dc=net” to john.doe@domain.com. He is one user among many, and the rest have the correct UPN.

    I edit your example to:

    $LocalUsers = Get-ADUser -Filter {UserPrincipalName -like ‘*domain.net’} -SearchBase “ou=temp,ou=users,ou=Berlin,dc=domain,dc=net” -Properties UserPrincipalName -ResultSetSize $null

    Doing a $LocalUsers | ft name,userPrincipalName returns the correct result – just user John Doe

    I then run:

    $LocalUsers | foreach {$newUpn = $_.UserPrincipalName.Replace(“domain.net”,”domain.com”); $_ | Set-ADUser -UserPrincipalName $newUpn}

    It changes his full UPN to domain.net@domain.com instead of john.doe@domain.com as expected. Did I go wrong somewhere?

      1. I did end up just recopying everything over and replacing the variables with my details and it worked. I forgot to come back and update my comment.

        The funny thing was that when I look at them side-by-side (the one which didn’t work vs. the one which did work) they looked identical. So powershell was pitching a fit for no reason, it seems.

        At any rate, thank you for posting these commands and taking time to reply. This has made my life a lot easier.

  4. Thanks, this was very helpful. I converted it into adjusting UPN to multiple users for my needs.
    Much obliged.

  5. Excelente articulo, limpio, claro y bien explicado. Que sigas cosechando mas comentarios positivos.

Leave a Reply

Your email address will not be published. Required fields are marked *