[Last Call] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 138
  • Last Modified:

Is there a way to set a user's UPN via GPO per OU?

We are trying to see if there is a way to set a user's UPN via GPO per OU. I haven't been able to find anything that will allow us to do this but wanted to see if anyone has before.

Let's say we have 3 OU's and each OU has different UPN's we want to assign, is there a way to do this via GPO so when we create a new user object in the specified OU, it appends the applicable UPN?
1 Solution
I think this can be possible via a script.. but not necessarily a GPO, as I see this more as a one-time change, not something you want to run every time a user logs on the domain. I see this more as a mass batch job that would change all existing accounts, and new accounts will be done as they come in.. is this kind of thing you are looking for?

Changes to the account like this would require the account that it is running on to have at least some kind of privileged access.. so I this more as a vbscript or Powershell that you want to execute on specific OUs.. now THAT can be possible, as the OU, username, UPN are all attributes for each account.

Liam SomervilleCommented:
You'd want something like this:
$Users = Get-ADUser -Filter * -SearchBase "OU=OUName,DC=YourDomain,DC=LOCAL"
foreach ($User in $Users)
    Get-ADUser $User | Set-ADUser -UserPrincipalName $($User.SamAccountName+"@YourDomain.LOCAL")
} # end foreach

Open in new window

You'd obviously want to modify the UPN section to your needs
RCOtechAuthor Commented:
Thank you for both of your responses. We will have to apply this to existing users.  We have lots of OU's per location, do you recommend running task scheduler to automate assignment of the UPN per OU for new user object creation?
Liam SomervilleCommented:
Existing locations can be modified using the above script. When creating users using the GUI, I believe you can set the UPN. If you create users using PowerShell, you can just add that to the end of the user creation process.
Cliff GaliherCommented:
Even if you have a lot of users, you wouldn't want to make this change via GPO. Group policies run during computer startup or logon. And a user's UPN is an object property, so there is no reason for it to be changed at every startup or logon. You'd instead use a one-off script that can target an OU. But you'd run the script manually, not as part if a GPO (what's the point of waiting for a GPO process?)

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now