Changing UPN Login Name - Implications?
So right now pretty much all of our staff are used to logging on as DOMAIN\First Last.
Their UPN names are "first last@domain.com" with the UPN suffix being our external FQDN as we use split DNS.
I'd like to update peoples UPN names to match their email address.
Firstly, does anyone know a way to automate/script this? I thought ADModify might do it but it doesn't seem to.
Secondly, are there likely to be any dark dire implications in doing this?
I can't think of any because as I said, nobody even knows what their UPN name is, but that doesn't mean there isn't something I've overlooked that'll bite me on the ass :)
July 14th, 2012 1:58pm
Hi,
no there are no implications in doing this. The onyl thing is that you have to inform your users about the new loginname. :-)
In order to change the suffix you have to register it first.
Open Active Directory Domains and Trusts.Right-click Active Directory Domains and Trusts in the
Tree window pane, and then click Properties.On the UPN Suffixes tab, type the new UPN suffix that you would like to add to the forrest.Click Add, and then click OK.regards Thomas Paetzold visit my blog on: http://sus42.wordpress.com
Free Windows Admin Tool Kit Click here and download it now
July 14th, 2012 4:03pm
Hello,
To automate that, see if this helps: http://community.spiceworks.com/scripts/show/1457-mass-change-upn-suffix
For the implications, there is none except the fact that a Global Catalog will be required for authentication.
This
posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Microsoft
Student Partner 2010 / 2011
Microsoft
Certified Professional
Microsoft
Certified Systems Administrator: Security
Microsoft
Certified Systems Engineer: Security
Microsoft
Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft
Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft
Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft
Certified Technology Specialist: Windows 7, Configuring
Microsoft
Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
Microsoft Certified IT Professional: Enterprise Administrator
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Trainer
July 14th, 2012 4:32pm
Thanks both, it's actually not the suffix I want to automate as that's already correct, it's making the username part the same as the email address.
So right now the UPN is "joe bloggs@domain.com" when I need "joe.bloggs@domain.com".
Free Windows Admin Tool Kit Click here and download it now
July 14th, 2012 4:44pm
Thanks both, it's actually not the suffix I want to automate as that's already correct, it's making the username part the same as the email address.
So right now the UPN is "joe bloggs@domain.com" when I need "joe.bloggs@domain.com".
Try the script in the link I already provided. No impacts for that except if you are using applications based on UPN names and they can not update these names automatically. Here, you have to update it from AD and the application side.
This
posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Microsoft
Student Partner 2010 / 2011
Microsoft
Certified Professional
Microsoft
Certified Systems Administrator: Security
Microsoft
Certified Systems Engineer: Security
Microsoft
Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft
Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft
Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft
Certified Technology Specialist: Windows 7, Configuring
Microsoft
Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
Microsoft Certified IT Professional: Enterprise Administrator
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Trainer
July 14th, 2012 4:48pm
Hi Paul,
Thank you for the post.
Agree with others that it's no impact if you change the account UPN/User logon name.
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/4f107312-914d-4705-98e2-6839a1857c06
To achieve your goal, run ADModify--select your user account--Account tab--enable
UPN option and input %'givenName'%.%'sn'% in Legacy Account blank box.
If there are more inquiries on this issue, please feel free to let us know.
RegardsRick Tan
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
July 16th, 2012 11:18pm
Hi Paul,
Thank you for the post.
Agree with others that it's no impact if you change the account UPN/User logon name.
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/4f107312-914d-4705-98e2-6839a1857c06
To achieve your goal, run ADModify--select your user account--Account tab--enable
UPN option and input %'givenName'%.%'sn'% in Legacy Account blank box.
If there are more inquiries on this issue, please feel free to let us know.
RegardsRick Tan
TechNet Community Support
July 16th, 2012 11:21pm