Thursday, February 14, 2013

Scripting UPN suffix changes in PowerShell

I've been doing a little consulting work on the side lately. One client is using an alternate UPN suffix to make a "pretty" UPN even though they're using a subdomain for their Active Directory as I recommend here. Since the end users will be instructed to "log in with their email address" it's important that all user accounts have the proper UPN set.

After defining the desired UPN in Active Directory Domains and Trusts, I realized that there was no good way to "force" new accounts use this UPN. The person at the site responsible for adding and removing users generally isn't a full-time IT person, so while you can give instructions, you can't guarantee that they'll be followed. To work around this, I whipped up a few lines of PowerShell and dropped it into task scheduler. It runs every 10 minutes and queries AD for all users in a specific OU structure that have the undesirable UPN and changes it to the desired one.




Posted by Mark at Thursday, February 14, 2013
Labels: , ,

11 comments:

  1. Unknown8/19/2014 7:39 AM

    Thanks for this. @jscott let me know about this. One thing I did discover is that the replace method is case sensitive. Thanks again for this quick fix!

    ReplyDelete
    Replies
    1. Anonymous2/17/2015 10:51 PM

      Thank you!!! Case-sensitive domain names. Was wondering what the hell I was doing wrong.

      Delete
  2. Nathan9/03/2014 9:53 AM

    I need to modify the User Logon name that forms the first part of the UPN: oldupn@wherever.com to new.upn@wherever.com
    I need to combine the givenname "new" and SN "upn" to make the "new.upn"
    Any suggestions welcomed. regards.

    ReplyDelete
    Replies
    1. Mark9/03/2014 10:14 AM

      Should be easy. Use .Split() to split the existing UPN at the @ and take the first element of the resulting array to feed to Replace() for each user. In this case, instead of replacing the suffix, you'll replace the prefix.

      Delete
    2. Anonymous11/25/2015 5:29 AM

      Hi Mark, would you have an example of the script required for doing this?
      Changing the username part as well oldupn@wherever.com to new.upn@wherever.com

      Thanks.

      Delete
    3. Unknown4/29/2016 11:25 AM

      I am also interested in the same UPN change that Anonymous is asking about. I only need to change the prefix from LastNameFirstInitial to FirstName_LastName. The suffix can stay the same. I'm not a scripting person, so is there anyone out there who can show a script that does just that? Thank you.

      Delete
  3. Anonymous10/01/2014 4:33 PM

    This script worked great for my entire domain. I had tried several different variants from other authors of the same idea that ran with no errors but made absolutely no changed to the users. Thanks a lot!

    ReplyDelete
  4. Anonymous10/02/2015 4:48 PM

    Hello!
    Thanks for this!

    But if you have Troubles with case sensitive Charakters, try this:

    case sensitive:
    $upn = $_.UserPrincipalName.Replace("ad.example.com","example.com")

    case insensitive:
    $upn = $_.UserPrincipalName -replace "ad.example.com","example.com"

    I hope this helps someone. :-)

    ReplyDelete
  5. Unknown6/13/2016 4:30 PM

    Is this script still available - I am unable to view it?

    ReplyDelete
    Replies
    1. Mark6/14/2016 5:52 AM

      It's still there. You must be on a network that can't access Pastebin

      Delete
  6. Anonymous12/16/2016 12:49 PM

    How do I update UPN suffix when the suffix is not defined. For the Get-aduser, i'm using -notlike our domain name but how do i do the foreach for empty suffix?

    ReplyDelete

Subscribe to: Post Comments (Atom)