none
Changing a UPN to GivenName.SurName@Domain.com RRS feed

  • Question

  • Hi, 

    I see plenty of posts regarding changing the domain suffix of a UPN from something like @domain-name.local to @public-domain.com, and thats fine. I've got a client whose logon names are 'firstname lastname' (WITH A SPACE IN THEM)

    They need to do a directory sync with a third party vendor, and their UPNs need to be first name.lastname@public-domain.com

    Question 1

    If I change their login name from 'pete long' to 'pete.long', when they logon to their client machines, will they successfully logon with their SAMaccountName (which will still be 'pete long') will this continue to work? Or will it logon with a temporary profile, (so the user assumes they've lost all their data).

    Question 2

    As I said I can change the domain portion of the UPN easily, how can I script changing all the 'User Logon Names' that contain a space. (some don't annoyingly!) To first name.lastname?

    Regards,

    Pete


    Regards Pete Long http://www.petenetlive.com


    • Edited by PeteLongMVP Tuesday, August 30, 2016 1:25 PM
    Tuesday, August 30, 2016 1:24 PM

Answers

All replies

  • Hi,

    Question 2:

    Get-ADUser -Filter "UserPrincipalName -like '* *'" -SearchBase 'OU=Users - TEST,DC=domain,DC=com' | ForEach {
    
        Set-ADUser -Identity $_.SamAccountName -UserPrincipalName "$($_.GivenName).$($_.Surname)@domain.com" -WhatIf
    
    }


    EDIT: See Richard's post below for caveats about this approach.

    Tuesday, August 30, 2016 1:39 PM
  • Mike's solution assumes that the GivenName and Surname fields are populated in AD. The values should appear on the "General" tab of ADUC (labeled "First name" and "Last name").


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Tuesday, August 30, 2016 3:05 PM
    Moderator
  • Mike's solution assumes that the GivenName and Surname fields are populated in AD. The values should appear on the "General" tab of ADUC (labeled "First name" and "Last name").


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    True story, good point. I should have mentioned that.


    Tuesday, August 30, 2016 3:48 PM
  • Cheers Mike, any idea how this affect the local profiles on client machines, I've read some posts that say it will simply use the SAMAccountName and 'just work' but others that say it will 'log you on with a temporary profile'

    Normally I'd just test it on my test network, but thats not an option at the moment :(

    Regards,

    Pete


    Regards Pete Long http://www.petenetlive.com

    Wednesday, August 31, 2016 7:03 AM
  • Logon and profile are referenced to SamAccountName and to SID.


    \_(ツ)_/

    Wednesday, August 31, 2016 11:04 AM