UserPrincipalName (UPN) in active directory is a ad user name in email format. For example, [email protected] consists of user login name (admin) and UPN suffix (shellgeek.com). During active directory setup, UPN suffix value has to be assigned, if not assigned then you may need to add upn suffix in active directory.
In this article, I will explain two different ways to add UPN suffix in active directory using Active Directory Domains and Trusts GUI interface and PowerShell script. You can use ADUC application to add upn suffix to existing user in active directory.
Cool Tip: UPN is not same as email address however sometime, it can matches user email address.
PowerShell Get-ADForest active directory cmdlet used to get specified active directory forest information, we can check using command UPN Suffix in active directory.
Add UPN Suffix in Active Directory using PowerShell
Before you add UPN suffix in active directory, check UPN suffix in active directory using below command
Get-ADForest | Format-List UPNSuffixes
In the above PowerShell script, Get-ADForest cmdlet returns active directory information. We can find UPN suffix in active directory using UPNSuffixes in above script.
Output of above PowerShell script to find UPN suffix in active directory as below
C:\> Get-ADForrest | Format-List UPNSuffixes
UPNSuffixes : {}above output has empty value for UPN suffixes in active directory.
We will set up and assign UPN suffix value in active directory.
To add UPN suffix in active directory using PowerShell, we will use Set-ADForest active directory cmdlet to assign value to UPN as below
Get-ADForest | Set-ADForest -UPNSuffixes @{add="SHELLGEEK.com"}
Set-ADForest command will add upn suffix in active directory.
You can confirm UPN is successfully added in active directory or not using below command
Get-ADForrest | Format-List UPNSuffixes
Output of above command to find UPN suffix in active directory as below
C:\> Get-ADForrest | Format-List UPNSuffixes
UPNSuffixes : {SHELLGEEK.com}
Add UPN Suffix in Active Directory using GUI
To add alternative UPN suffix in AD using Active Directory Domains and Trusts GUI interface, follow below steps
Step-1 Open Active Directory Domains and Trusts
Press Windows + R to open Run dialog and type domain.msc , click ok
or you can type Active Directory Domains and Trust in Type here to search bar and choose application to open it.
Open Properties Dialog
In the Active Directory Domains and Trusts window, right click and select Properties menu to open dialog
Select UPN Suffixes Tab
Select UPN suffixes tab, in alternative UPN suffixes box, type UPN suffix , and click on Add button, click on Apply and ok to add UPN suffix in active directory.
Change UPN Suffix for Existing Users
If you want to change or add UPN suffix for existing active directory users, use Active Directory Users and Computers (ADUC) GUI interface, follow below steps
Open ADUC GUI
To Press Windows + R to open Run dialog and type dsa.msc , click ok
It will open Active Directory Users and Computers GUI application.
Select User to add UPN suffix
Select active directory user for which you want to modify or add upn suffix. Right click on user and select Properties to open User Properties dialog
Select Account Tab to add upn suffix in active directory
Select Account tab in user properties dialog to select UPN suffix for user as given below
Select UPN suffix and click Apply to apply changes, click OK button to close dialog.
Cool Tip: How to change upn suffix for users in PowerShell!
Conclusion
In this article, I have explain about UPN suffix, how to find UPN suffixes in active directory and add UPN suffix in active directory using PowerShell script or Active Directory Domains and Trusts GUI application.
Use PowerShell Get-ADForest and Set-ADForest active directory cmdlets to get and set UPN suffix in active directory.
You can change or add UPN suffix for existing aduser in active directory using ADUC ( Active Directory Users and Computers) GUI interface.
You can find more topics about PowerShell Active Directory commands and PowerShell basics on ShellGeek home page.