none
Changing a UPN to GivenFirstLetter.SurName@Domain.com RRS feed

  • Question

  • Hey Everyone i have run into a problem with a client all the users upn field seem to be empty. Is there any way to create a script to modify the upn to be first letter of firstname and surname. They have this set up in the General Email field

    thanks

    Tuesday, March 31, 2020 9:17 PM

All replies

  • Have you tried to search for it? There are literally thousands of examples for tasks like this all over the internet and even here on TechNet.

    We do not write ready to use code on request.


    Live long and prosper!

    (79,108,97,102|%{[char]$_})-join''

    Tuesday, March 31, 2020 11:20 PM
  • Hey Everyone i have run into a problem with a client all the users upn field seem to be empty. Is there any way to create a script to modify the upn to be first letter of firstname and surname. They have this set up in the General Email field

    thanks

    Whet you are asking shows a complete lack of knowledge about AD and how it works.  This is not unusually for those that only know the GUI admnin of AD.  The GUI does all of this for you and provides good wizards and error that help you to manage AD with limited or no training.

    When you move to a more powerful tool that can make changes to AD in batches you are going to have to understand how AD works.  Making batch changes without this knowledge can damage AD and make it useless.

    The issue you are trying to solve requires a bit more planning and understanding.  Basically you have to generate UPNs from the current names.  This may seem easy to you but that is because you do not understand that first name, last name are not unique in AD.   This requires specials coding and rules.  You have to understand that and select rules that will work then know enough about coding to know how to implement those rules in code.

    I recommend looking in places like the "Galley" for scripts that do AD management.  These would help you to understand how this might be done.  Of course to understand these scripts you will need to learn PowerShell and AD.

    What you are asking is that we learn your AD and then fix a problem that you or someone else who had no training in AD caused.  We cannot see or analyze your AD.  We cannot determine what rules you need to implement.

    I recommend that you contact a trained consultant to work with you to fix this issue and other issues that have likely been caused by untrained administrators.  Fixing his and other fundamental accumulated errors in AD deployment is critical to moving forwards with a correctly configured system.

    My point is that you need to understand the impact of making changes to an existing AD implementation and how those changes need to be designed.  At the simplest level we could just copy the email address into the UPN but that can create conflicts moving forwards.  The current email address needs to be analyzed and decisions made.  At the top level these decisions are business relative.  At the lowest level they can impact the usability of AD.  Since you are not trained in AD beyond basic GUI administration you must get trained people to help you design this change to work as needed in your company and AD implementation.


    \_(ツ)_/

    Tuesday, March 31, 2020 11:49 PM
  • You mentioned the "General Email field". This sounds like the field labeled "E-mail" on the "General" tab of ADUC. If so, this is the value of the "mail" attribute of the user. Is this what you mean by UPN, or do you mean that the value in that field is what you want assigned to the UPN?

    The UPN (userPrincipalName attribute) is the field labeled "User logon name" on the "Account" tab of ADUC (plus the DNS name to the right of that field).

    Note that if you update "User logon name" in ADUC, the GUI will enforce uniqueness, but you can assign duplicates in code (like PowerShell). If this is for Azure or Office 365 any script should make sure the values assigned are unique. Also, there is no guarantee that users will have values assigned to the givenName and sn (Surname) attributes (labeled "First name" and "Last name" on the "General" tab of ADUC).

    Edit: This Wiki shows all of the ADUC tabs, and the AD attributes that correspond to each field.

    https://social.technet.microsoft.com/wiki/contents/articles/6822.active-directory-attributes-in-the-aduc-gui-tool.aspx


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)


    Wednesday, April 1, 2020 12:34 AM
    Moderator