none
My user's does not have the "userPrincipalName"

    Question

  • Hi Guys,

    I have migrated from NT to 2003 and from 2003 i have renamed the domain. Now my user's does not have the "userPrincipalName".


    Please advice what need to be done to populate the "userPrincipalName" automatically..?or i need to manually import the "userPrincipalName".

    Thanks and regards
    Apu Pavithran

    Tuesday, October 12, 2010 12:52 AM

Answers

  • It is not required that userPrincipalName be assigned a value. By default a user can always logon with sAMAccountName@MyDomain.com, where sAMAccountName is the "pre-Windows 2000 logon" name of the user, and MyDomain.com is the DNS name of the domain. It's as if this is the default user principal name if the attribute is not assigned a value. See this link:

    http://msdn.microsoft.com/en-us/library/ms677605(VS.85).aspx

    Richard Mueller


    MVP ADSI
    Tuesday, October 12, 2010 12:36 PM
  • Hi,

     

    I would like to confirm how did you rename the Domain Name, via Rendom or other tools and where did you know the users’ UPNs are missing?

     

    As “Richard Mueller” mentioned, the names of the current domain and the root domain are the default UPN suffixes. Please check the Account tab of users via ADUC and check if they can logon normally.

     

    If you do encounter issue with UPN, you may try the above suggestions or consider to assign UPN via scripts. For the detailed scripts, please refer to the following blog:

     

    How Can I Assign a New UPN to All My Users?

    http://blogs.technet.com/b/heyscriptingguy/archive/2004/12/06/how-can-i-assign-a-new-upn-to-all-my-users.aspx

    If you encounter any difficulties when customizing the scripts, you may submit a new question in The Official Scripting Guys Forum! which is a best resource for scripting related issues.

     

    The Official Scripting Guys Forum!

    http://social.technet.microsoft.com/Forums/en/ITCG/threads

     

    Regards,


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Wednesday, October 13, 2010 3:26 AM
    Moderator
  • Howdie!
     
    On 12.10.2010 06:46, Apu Pavithran wrote:
    > Thank you for your information. However i am using a different tool,
    > ADManager Plus <http://www.admanagerplus.com/> which has the CSV import
    > Functionality (to update any LDAP attribute).
    >
    > Please let me know whether is there any way with which i can auto
    > populate based on sAMAccountName or something like that...?
     
    You could basically do that with a script that reads the sAMAccountName
    and appends the domain suffix. I had to do something similar in my test
    environment with ADMod and ADFind from joeware.net, you know these two
    tools? Very powerful: www.joeware.net.
     
    Here's a writeup of how I solved it:
    http://www.frickelsoft.net/blog/?p=244
     
    Cheers,
    Florian
     

    Microsoft MVP - Group Policy (http://www.frickelsoft.net/blog)
    Tuesday, October 12, 2010 8:37 AM

All replies

  • ADModify.Net would be a good option for assigning userPrincipalName attribute values in bulk.

    http://admodify.codeplex.com/

    Alexei

    Tuesday, October 12, 2010 2:16 AM
  • Hi Alexei,

     

    Thank you for your information. However i am using a different tool, ADManager Plus which has the CSV import Functionality (to update any LDAP attribute).

    Please let me know whether is there any way with which i can auto populate based on sAMAccountName or something like that...?

     

    Thanks and regards

    Apu Pavithran

    Tuesday, October 12, 2010 4:46 AM
  • Howdie!
     
    On 12.10.2010 06:46, Apu Pavithran wrote:
    > Thank you for your information. However i am using a different tool,
    > ADManager Plus <http://www.admanagerplus.com/> which has the CSV import
    > Functionality (to update any LDAP attribute).
    >
    > Please let me know whether is there any way with which i can auto
    > populate based on sAMAccountName or something like that...?
     
    You could basically do that with a script that reads the sAMAccountName
    and appends the domain suffix. I had to do something similar in my test
    environment with ADMod and ADFind from joeware.net, you know these two
    tools? Very powerful: www.joeware.net.
     
    Here's a writeup of how I solved it:
    http://www.frickelsoft.net/blog/?p=244
     
    Cheers,
    Florian
     

    Microsoft MVP - Group Policy (http://www.frickelsoft.net/blog)
    Tuesday, October 12, 2010 8:37 AM
  • It is not required that userPrincipalName be assigned a value. By default a user can always logon with sAMAccountName@MyDomain.com, where sAMAccountName is the "pre-Windows 2000 logon" name of the user, and MyDomain.com is the DNS name of the domain. It's as if this is the default user principal name if the attribute is not assigned a value. See this link:

    http://msdn.microsoft.com/en-us/library/ms677605(VS.85).aspx

    Richard Mueller


    MVP ADSI
    Tuesday, October 12, 2010 12:36 PM
  • Hi,

     

    I would like to confirm how did you rename the Domain Name, via Rendom or other tools and where did you know the users’ UPNs are missing?

     

    As “Richard Mueller” mentioned, the names of the current domain and the root domain are the default UPN suffixes. Please check the Account tab of users via ADUC and check if they can logon normally.

     

    If you do encounter issue with UPN, you may try the above suggestions or consider to assign UPN via scripts. For the detailed scripts, please refer to the following blog:

     

    How Can I Assign a New UPN to All My Users?

    http://blogs.technet.com/b/heyscriptingguy/archive/2004/12/06/how-can-i-assign-a-new-upn-to-all-my-users.aspx

    If you encounter any difficulties when customizing the scripts, you may submit a new question in The Official Scripting Guys Forum! which is a best resource for scripting related issues.

     

    The Official Scripting Guys Forum!

    http://social.technet.microsoft.com/Forums/en/ITCG/threads

     

    Regards,


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Wednesday, October 13, 2010 3:26 AM
    Moderator
  • Hi ,

     

    Thanks you for your comments, I renamed the domain using the rendom tool and when i look in to it i could see that none of my users doesn't have UPN, later i have imported the UPN Manually to all my users..it is fine now....

    Tuesday, November 09, 2010 4:02 AM