Changing UPN Login Name - Implications?

So right now pretty much all of our staff are used to logging on as DOMAIN\First Last.

Their UPN names are "first last@domain.com" with the UPN suffix being our external FQDN as we use split DNS.

I'd like to update people's UPN names to match their email address.

Firstly, does anyone know a way to automate/script this? I thought ADModify might do it but it doesn't seem to.

Secondly, are there likely to be any dark dire implications in doing this?

I can't think of any because as I said, nobody even knows what their UPN name is, but that doesn't mean there isn't something I've overlooked that'll bite me on the ass :)

July 14th, 2012 5:47pm

Hi,

No, there are no implications in doing this. The only thing is that you have to inform your users about the new login name. :-)

In order to change the suffix you have to register it first.

  1. Open Active Directory Domains and Trusts.
  2. Right-click Active Directory Domains and Trusts in the Tree window pane, and then click Properties.
  3. On the UPN Suffixes tab, type the new UPN suffix that you would like to add to the forest.
  4. Click Add, and then click OK.
July 14th, 2012 7:52pm

Hello,

To automate that, see if this helps: http://community.spiceworks.com/scripts/show/1457-mass-change-upn-suffix

For the implications, there are none except the fact that a Global Catalog will be required for authentication.

July 14th, 2012 8:20pm

Thanks both, it's actually not the suffix I want to automate as that's already correct, it's making the username part the same as the email address.

So right now the UPN is "joe bloggs@domain.com" when I need "joe.bloggs@domain.com".

July 14th, 2012 8:33pm

Try the script in the link I already provided. No impacts for that except if you are using applications based on UPN names and they cannot update these names automatically. Here, you have to update it from AD and the application side.

July 14th, 2012 8:37pm

Hi Paul,

Thank you for the post.

I agree with the others that there is no impact if you change the account UPN/user logon name.
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/4f107312-914d-4705-98e2-6839a1857c06

To achieve your goal, run ADModify--select your user account--Account tab--enable UPN option and input %'givenName'%.%'sn'% in Legacy Account blank box.

If there are more inquiries on this issue, please feel free to let us know.
 
Regards

July 17th, 2012 3:18am

What about non-Microsoft/non-AD aware systems that are using UPN addresses and lookup a UPN username but cannot find it after the change?
May 15th, 2013 5:12pm
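
One way to script the change asked about in this thread, as an added example (not code from any poster or from the linked Spiceworks script): it sets each user's UPN to the value of the mail attribute, skips accounts whose new suffix is not registered in the forest or whose new UPN is already taken, and writes an old-to-new mapping for the owners of applications that store UPNs. It assumes the RSAT ActiveDirectory module; the OU and the CSV path are placeholders.

```powershell
# Added example. Assumes the RSAT ActiveDirectory module is installed.
Import-Module ActiveDirectory

$SearchBase = 'OU=Staff,DC=example,DC=local'  # placeholder OU, adjust
$MapFile    = '.\upn-change-map.csv'          # placeholder output path
$Apply      = $false                          # $false = dry run (-WhatIf)

# A UPN suffix is usable only if it is a domain DNS name in the forest or
# an alternative suffix registered in Active Directory Domains and Trusts.
$forest  = Get-ADForest
$allowed = @($forest.Domains) + @($forest.UPNSuffixes)

$users = Get-ADUser -SearchBase $SearchBase -Filter 'mail -like "*"' -Properties mail

$plan = @(foreach ($u in $users) {
    $new = $u.mail.Trim()
    if ($u.UserPrincipalName -eq $new) { continue }   # already aligned

    $parts  = $new -split '@'
    $status = 'OK'
    if ($parts.Count -ne 2 -or -not $parts[0] -or -not $parts[1]) {
        $status = 'BadMailValue'
    } elseif ($allowed -notcontains $parts[1]) {
        $status = 'SuffixNotRegistered'
    } elseif (Get-ADUser -Filter 'UserPrincipalName -eq $new') {
        # Single-quoted filter: the AD module resolves $new itself.
        $status = 'AlreadyInUse'
    }
    [pscustomobject]@{
        DistinguishedName = $u.DistinguishedName
        SamAccountName    = $u.SamAccountName
        OldUPN            = $u.UserPrincipalName
        NewUPN            = $new
        Status            = $status
    }
})

# Two accounts sharing one mail value would both pass the directory lookup.
$plan | Group-Object NewUPN | Where-Object Count -gt 1 |
    ForEach-Object { $_.Group | ForEach-Object { $_.Status = 'DuplicateMail' } }

# Old-to-new mapping for owners of applications that store the UPN.
$plan | Export-Csv -Path $MapFile -NoTypeInformation

$dryRun = -not $Apply
$plan | Where-Object Status -eq 'OK' | ForEach-Object {
    Set-ADUser -Identity $_.DistinguishedName -UserPrincipalName $_.NewUPN -WhatIf:$dryRun
}
```

Review the CSV from the dry run before setting `$Apply = $true`; rows with any status other than `OK` are left unchanged.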
