locked
Script to update the UPN suffix RRS feed

  • Question

  • I m trying to change the UPN suffix for users in test OU using Powershell script, however it is prompting for values:

    #Script to update the UPN suffix
    Get-ADUser -SearchBase "ou=Test,dc=THG,dc=local" -SearchScope OneLevel -filter * |
    ForEach-Object {
    $newUPN = $_.UserPrincipalName.Replace('THG.local', 'hensongroup.com')
    $_ | Set-ADUser -server ADDS01 -UserPrincipalName $newUPN
    }

    When executed it says supply values for following parameters: Process[0] and so on.

    Can you please check or provide working script to change UPN for users in particular OU.

    Monday, May 12, 2014 7:48 PM

Answers

  • Hi,

    Try it this way:

    Get-ADUser -Filter * -SearchBase 'OU=Test,DC=domain,DC=com' -SearchScope OneLevel | ForEach {
    
        $newUPN = $_.UserPrincipalName.Replace('whatever.com','blah.com')
    
        Set-ADUser -Identity $_.SamAccountName -UserPrincipalName $newUPN
    
    }


    EDIT: See above.

    Don't retire TechNet! - (Don't give up yet - 12,830+ strong and growing)


    Piping a user object into Set-AdUser always works.  No need to use identity.

    ¯\_(ツ)_/¯

    Monday, May 12, 2014 9:17 PM

All replies

  • Try it like this:

    Get-ADUser -SearchBase "ou=Test,dc=THG,dc=local" -SearchScope OneLevel -filter * |
         ForEach-Object{
              Try{
                   $newUPN=$_.UserPrincipalName.Replace('THG.local', 'hensongroup.com')
                   $_ | Set-ADUser -server ADDS01 -UserPrincipalName $newUPN
              }
              Catch{
                   Write-Host $_ -fore yellow
              }
         }


    ¯\_(ツ)_/¯


    • Edited by jrv Monday, May 12, 2014 8:33 PM
    Monday, May 12, 2014 8:32 PM
  • Hi,

    Try it this way:

    Get-ADUser -Filter * -SearchBase 'OU=Test,DC=domain,DC=com' -SearchScope OneLevel | ForEach {
    
        $newUPN = $_.UserPrincipalName.Replace('whatever.com','blah.com')
    
        Set-ADUser -Identity $_.SamAccountName -UserPrincipalName $newUPN
    
    }


    EDIT: See above.

    Don't retire TechNet! - (Don't give up yet - 12,830+ strong and growing)

    Monday, May 12, 2014 8:32 PM
  • The results from replace are null when there is no match.


    ¯\_(ツ)_/¯

    Monday, May 12, 2014 8:37 PM
  • The results from replace are null when there is no match.


    ¯\_(ツ)_/¯

    Good point. I wasn't considering that there could be users in the mix that wouldn't match.


    Don't retire TechNet! - (Don't give up yet - 12,830+ strong and growing)

    Monday, May 12, 2014 8:41 PM
  • Another thing that must be true.  THe domain must point to an AD instance or domain.

    'hensongroup.com'  must be a legitimate AD domain.


    ¯\_(ツ)_/¯

    Monday, May 12, 2014 8:42 PM
  • The results from replace are null when there is no match.


    ¯\_(ツ)_/¯

    Good point. I wasn't considering that there could be users in the mix that wouldn't match.


    Don't retire TechNet! - (Don't give up yet - 12,830+ strong and growing)

    It all depends on the OU.  Service accounts may not have a UPN.

    We don't know.  I modified the code further to trap all errors smoothly

    Get-ADUser -SearchBase "ou=Test,dc=THG,dc=local" -SearchScope OneLevel -filter * |
         ForEach-Object{
              Try{
                   $newUPN=$_.UserPrincipalName.Replace('THG.local', 'hensongroup.com')
                   $_ | Set-ADUser -server ADDS01 -UserPrincipalName $newUPN  -ea Stop
              }
              Catch{
                   Write-Host $_ -fore yellow
              }
         }


    ¯\_(ツ)_/¯

    Monday, May 12, 2014 9:15 PM
  • Hi,

    Try it this way:

    Get-ADUser -Filter * -SearchBase 'OU=Test,DC=domain,DC=com' -SearchScope OneLevel | ForEach {
    
        $newUPN = $_.UserPrincipalName.Replace('whatever.com','blah.com')
    
        Set-ADUser -Identity $_.SamAccountName -UserPrincipalName $newUPN
    
    }


    EDIT: See above.

    Don't retire TechNet! - (Don't give up yet - 12,830+ strong and growing)


    Piping a user object into Set-AdUser always works.  No need to use identity.

    ¯\_(ツ)_/¯

    Monday, May 12, 2014 9:17 PM