locked
Changing UPN Login Name - Implications? RRS feed

  • Question

  • So right now pretty much all of our staff are used to logging on as DOMAIN\First Last.

    Their UPN names are "first last@domain.com" with the UPN suffix being our external FQDN as we use split DNS.

    I'd like to update peoples UPN names to match their email address.

    Firstly, does anyone know a way to automate/script this? I thought ADModify might do it but it doesn't seem to.

    Secondly, are there likely to be any dark dire implications in doing this?

    I can't think of any because as I said, nobody even knows what their UPN name is, but that doesn't mean there isn't something I've overlooked that'll bite me on the ass :)

    Saturday, July 14, 2012 5:47 PM

Answers

All replies

  • Hi,

    no there are no implications in doing this. The onyl thing is that you have to inform your users about the new loginname. :-)

    In order to change the suffix you have to register it first.

    1. Open Active Directory Domains and Trusts.
    2. Right-click Active Directory Domains and Trusts in the Tree window pane, and then click Properties.
    3. On the UPN Suffixes tab, type the new UPN suffix that you would like to add to the forrest.
    4. Click Add, and then click OK.

    regards Thomas Paetzold visit my blog on: http://sus42.wordpress.com

    Saturday, July 14, 2012 7:52 PM
  • Hello,

    To automate that, see if this helps: http://community.spiceworks.com/scripts/show/1457-mass-change-upn-suffix

    For the implications, there is none except the fact that a Global Catalog will be required for authentication.


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.   

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    Saturday, July 14, 2012 8:20 PM
  • Thanks both, it's actually not the suffix I want to automate as that's already correct, it's making the username part the same as the email address.

    So right now the UPN is "joe bloggs@domain.com" when I need "joe.bloggs@domain.com".

    Saturday, July 14, 2012 8:33 PM
  • Thanks both, it's actually not the suffix I want to automate as that's already correct, it's making the username part the same as the email address.

    So right now the UPN is "joe bloggs@domain.com" when I need "joe.bloggs@domain.com".

    Try the script in the link I already provided. No impacts for that except if you are using applications based on UPN names and they can not update these names automatically. Here, you have to update it from AD and the application side.


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.   

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    Saturday, July 14, 2012 8:37 PM
  • Hi Paul,

    Thank you for the post.

    Agree with others that it's no impact if you change the account UPN/User logon name.
    http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/4f107312-914d-4705-98e2-6839a1857c06

    To achieve your goal, run ADModify--select your user account--Account tab--enable UPN option and input %'givenName'%.%'sn'% in Legacy Account blank box.

    If there are more inquiries on this issue, please feel free to let us know.
     
    Regards


    Rick Tan

    TechNet Community Support

    • Marked as answer by Rick Tan Friday, July 20, 2012 2:43 AM
    Tuesday, July 17, 2012 3:18 AM
  • What about non-Microsoft/non-AD aware systems that are using UPN addresses and lookup a UPN username but cannot find it after the change?
    Wednesday, May 15, 2013 5:12 PM
  • Hi Paul,

    Thank you for the post.

    Agree with others that it's no impact if you change the account UPN/User logon name.
    http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/4f107312-914d-4705-98e2-6839a1857c06

    To achieve your goal, run ADModify--select your user account--Account tab--enable UPN option and input %'givenName'%.%'sn'% in Legacy Account blank box.

    If there are more inquiries on this issue, please feel free to let us know.
     
    Regards


    Rick Tan

    TechNet Community Support

    Late to party here so would changing a user' UPN have any implications on logging into their computer the same usual way with just username with no domain, or logging into any third-party web-based system that use LDAP? 

    Wednesday, May 27, 2015 3:26 AM