none
Sanity check on Powershell mass UPN suffix rename RRS feed

  • Question

  • I've cobbled together a powershell script to modify the UPN suffix from one suffix to another; it seems to work just fine on our dev and test AD domains. I just wanted to run it by experts on here and make sure it looks good and there are no unforeseen issues before executing in Prod:

    $out_success = 'C:\temp\UPN-success.log'
    $out_fail = 'C:\temp\UPN-fail.log'
    #Replace with the old suffix
    $oldSuffix = 'old_upn_value'
    #Replace with the new suffix
    $newSuffix = 'new_upn_value'
    #Replace with the OU you want to change the suffix
    $ou = "OU=myOU,DC=mydomain"
    Get-ADUser -Properties userPrincipalName -SearchBase $ou -filter * | ForEach-Object {
    $newUPN = $_.userPrincipalName.Replace($oldSuffix,$newSuffix)
    $_ | Set-ADUser -userPrincipalName $newUPN
    #  Log file time stamp:
    $LogTime = Get-Date -Format "MM-dd-yyyy_hh:mm:ss"
    if
    ($newUPN -match $newSuffix)
    {
       "Command succeeded @ $LogTime. New UPN = $newUPN" | out-file -append $out_success
    }
    else
    {
       "Command failed @ $LogTime. UPN NOT updated for $newUPN" | out-file -append $out_fail
    }
    }

    Thanks!

    Wednesday, February 12, 2014 4:23 PM

Answers

  • You could have a problem if your old suffix is destiny.com and the new one was mydestiny.com, as a rerun of your script would result in whatever@mymydestiny.com. There is technically also a possibility that the characters forming the old suffix appear also in some usernames. For these reasons I would suggest you consider the first character in the suffix to be "@" rather than the character following the "@":

    $oldSuffix = '@old_upn_value'
    #Replace with the new suffix
    $newSuffix = '@new_upn_value'
     


    Al Dunbar -- remember to 'mark or propose as answer' or 'vote as helpful' as appropriate.

    • Marked as answer by Dale_O Wednesday, February 12, 2014 11:27 PM
    Wednesday, February 12, 2014 5:06 PM

All replies

  • You could have a problem if your old suffix is destiny.com and the new one was mydestiny.com, as a rerun of your script would result in whatever@mymydestiny.com. There is technically also a possibility that the characters forming the old suffix appear also in some usernames. For these reasons I would suggest you consider the first character in the suffix to be "@" rather than the character following the "@":

    $oldSuffix = '@old_upn_value'
    #Replace with the new suffix
    $newSuffix = '@new_upn_value'
     


    Al Dunbar -- remember to 'mark or propose as answer' or 'vote as helpful' as appropriate.

    • Marked as answer by Dale_O Wednesday, February 12, 2014 11:27 PM
    Wednesday, February 12, 2014 5:06 PM
  • Thanks Al,   the old suffix and new are completely different strings so we're okay there, but adding the "@" is a good idea !

    Thanks again.

    Wednesday, February 12, 2014 7:39 PM
  • my motto: making it bullet-proof now helps keep you from biting the bullet later! ;-)


    Al Dunbar -- remember to 'mark or propose as answer' or 'vote as helpful' as appropriate.

    Wednesday, February 12, 2014 8:18 PM