So right now pretty much all of our staff are used to logging on as DOMAIN\First Last. Their UPN names are "first last@domain.com" with the UPN suffix being our external FQDN as we use split DNS. I'd like to update peoples UPN names to match their email address. Firstly, does anyone know a way to automate/script this? I thought ADModify might do it but it doesn't seem to. Secondly, are there likely to be any dark dire implications in doing this? I can't think of any because as I said, nobody even knows what their UPN name is, but that doesn't mean there isn't something I've overlooked that'll bite me on the ass :)

Hi, no there are no implications in doing this. The onyl thing is that you have to inform your users about the new loginname. :-) In order to change the suffix you have to register it first. Open Active Directory Domains and Trusts.Right-click Active Directory Domains and Trusts in the Tree window pane, and then click Properties.On the UPN Suffixes tab, type the new UPN suffix that you would like to add to the forrest.Click Add, and then click OK.regards Thomas Paetzold visit my blog on: http://sus42.wordpress.com

Hello, To automate that, see if this helps: http://community.spiceworks.com/scripts/show/1457-mass-change-upn-suffix For the implications, there is none except the fact that a Global Catalog will be required for authentication. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations Microsoft Certified IT Professional: Enterprise Administrator Microsoft Certified IT Professional: Server Administrator Microsoft Certified Trainer

Thanks both, it's actually not the suffix I want to automate as that's already correct, it's making the username part the same as the email address. So right now the UPN is "joe bloggs@domain.com" when I need "joe.bloggs@domain.com".

Thanks both, it's actually not the suffix I want to automate as that's already correct, it's making the username part the same as the email address. So right now the UPN is "joe bloggs@domain.com" when I need "joe.bloggs@domain.com". Try the script in the link I already provided. No impacts for that except if you are using applications based on UPN names and they can not update these names automatically. Here, you have to update it from AD and the application side. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations Microsoft Certified IT Professional: Enterprise Administrator Microsoft Certified IT Professional: Server Administrator Microsoft Certified Trainer

Hi Paul, Thank you for the post. Agree with others that it's no impact if you change the account UPN/User logon name. http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/4f107312-914d-4705-98e2-6839a1857c06 To achieve your goal, run ADModify--select your user account--Account tab--enable UPN option and input %'givenName'%.%'sn'% in Legacy Account blank box. If there are more inquiries on this issue, please feel free to let us know. RegardsRick Tan TechNet Community Support

Hi Paul, Thank you for the post. Agree with others that it's no impact if you change the account UPN/User logon name. http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/4f107312-914d-4705-98e2-6839a1857c06 To achieve your goal, run ADModify--select your user account--Account tab--enable UPN option and input %'givenName'%.%'sn'% in Legacy Account blank box. If there are more inquiries on this issue, please feel free to let us know. RegardsRick Tan TechNet Community Support