Change UPN Script

I need to change the UPN suffix for my entire domain. I found some scripts online but cannot get any of them to work. This is the PowerShell I tried. I cannot see the error either because the PowerShell window doesn't stay open.

Import-Module ActiveDirectory

Get-ADUser -Filter {UserPrincipalName -like "*@DOMAIN.LOCAL"} -SearchBase "OU=Test,DC=TABUSH,DC=LOCAL" |
ForEach-Object {
    $UPN = $_.DOMAIN.LOCAL,domain.com
    Set-ADUser $_ -UserPrincipalName $UPN
}
tabush Asked:
Will Szymkowski, Senior Solution Architect, Commented:
The below code will do exactly what you are looking for.

Import-Module ActiveDirectory
# Select every user whose UPN ends with the old suffix
$ADUsers = Get-ADUser -Filter {UserPrincipalName -like "*@olddomain.com"}
ForEach ($user in $ADUsers)
{
    $NewDomain = "@NewDomain.com"
    # New UPN = the account's Name attribute + the new suffix
    Set-ADUser -Identity $user -UserPrincipalName $($user.name + $NewDomain)
}



Will.
tabush (Author) Commented:
How do I filter this for a certain OU? I know I wrote entire domain, but I want to test on a specific OU in my demo environment before running on my entire domain.
Will Szymkowski, Senior Solution Architect, Commented:
Use the below script for a specific OU...
Import-Module ActiveDirectory
# Same filter, limited to one OU with -SearchBase
$ADUsers = Get-ADUser -Filter {UserPrincipalName -like "*@olddomain.com"} -SearchBase "ou=testou,dc=domain,dc=com"
ForEach ($user in $ADUsers)
{
    $NewDomain = "@NewDomain.com"
    # New UPN = the account's Name attribute + the new suffix
    Set-ADUser -Identity $user -UserPrincipalName $($user.name + $NewDomain)
}



Will.
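
An added example, not part of any post in this thread: a variant of the OU-scoped script that keeps each account's existing UPN prefix and replaces only the suffix, starts as a dry run, records old and new values to a CSV for rollback, and waits for Enter so errors stay on screen. The suffixes, OU path, `$DryRun` switch and log file name are assumptions.

```powershell
# Added example (not from the thread). Suffixes, OU path and log name are placeholders.
Import-Module ActiveDirectory

$OldSuffix  = '@olddomain.com'
$NewSuffix  = '@NewDomain.com'
$SearchBase = 'OU=testou,DC=domain,DC=com'   # test OU first, whole domain later
$DryRun     = $true                          # set to $false to write the changes

# @() guarantees an array, so an empty result skips the loop on every PowerShell version.
$users = @(Get-ADUser -Filter "UserPrincipalName -like '*$OldSuffix'" -SearchBase $SearchBase)

$results = foreach ($user in $users) {
    # Keep everything before the last '@' so the logon prefix does not change.
    $oldUpn = $user.UserPrincipalName
    $newUpn = $oldUpn.Substring(0, $oldUpn.LastIndexOf('@')) + $NewSuffix
    $status = 'DryRun'

    if (-not $DryRun) {
        try {
            # -ErrorAction Stop turns a failed update into a catchable error.
            Set-ADUser -Identity $user -UserPrincipalName $newUpn -ErrorAction Stop
            $status = 'Changed'
        }
        catch {
            $status = 'Failed: ' + $_.Exception.Message
        }
    }

    New-Object PSObject -Property @{
        SamAccountName = $user.SamAccountName
        OldUPN         = $oldUpn
        NewUPN         = $newUpn
        Status         = $status
    }
}

# Show the outcome and keep a record that can be used to roll back.
$results | Format-Table SamAccountName, OldUPN, NewUPN, Status -AutoSize
$results | Export-Csv -Path .\upn-change-log.csv -NoTypeInformation

# Keeps the window open when the file is started with "Run with PowerShell".
Read-Host 'Press Enter to close'
```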
tabush (Author) Commented:
I tried to use this PowerShell script and it didn't work (UPN didn't change). I was careful in replacing the variables and was case sensitive just in case.

Is there any way to pause the script at the end so I can see if there are any errors? I am running the PowerShell by pasting this script into a .ps1 file, then right-clicking, Run with PowerShell.
Will Szymkowski, Senior Solution Architect, Commented:
I just tested this in my lab and it worked, no issues. I would suggest that you try this for a specific "ONE" user. Use the below command...

Just change the name of "testuser" to whatever user you want to test against in your AD. OU not required as it will only modify a single user.
Import-Module ActiveDirectory
# Fetch one account by identity instead of filtering
$ADUsers = Get-ADUser -Identity testuser
ForEach ($user in $ADUsers)
{
    $NewDomain = "@NewDomain.com"
    # New UPN = the account's Name attribute + the new suffix
    Set-ADUser -Identity $user -UserPrincipalName $($user.name + $NewDomain)
}



Will.
tabush (Author) Commented:
I think it's something with the domain I was testing on. I was testing on a Windows 2008 R2 server and it wasn't working, then tried on another domain which has Windows 2012 and it worked.

I noticed that PowerShell ISE wasn't installed on the 2008 R2 server (not default on 2008 R2). I'll add it to see if that has anything to do with the script not working.
Will Szymkowski, Senior Solution Architect, Commented:
Having the ISE will not matter. If you are running this script in the PowerShell native session then you need to copy the entire script into Notepad and save it with a .ps1 file extension.

You cannot copy and paste what I have created into a PowerShell window. If you want to do it that way then you will have to use the ISE.

Will.
tabush (Author) Commented:
Yes, I was pasting into Notepad, not the PowerShell window.
When I ran it on my 2012 server the first time I got a confirmation message within ISE to allow unsecure scripts to run and I had to type "Y".
Then after that I was able to run the script without confirmation. Maybe this is happening on 2008 R2 but not giving me the option to type Y because I don't have ISE.
Will Szymkowski, Senior Solution Architect, Commented:
That is your ExecutionPolicy.

You should set it to Set-ExecutionPolicy RemoteSigned

Will.
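
An added example, not part of the thread: a check of which scope sets the effective execution policy before anything is changed, followed by two narrower ways to allow the script than a machine-wide setting. The script name `Change-Upn.ps1` is a placeholder.

```powershell
# Added example (not from the thread). Reports the policy in effect; changes nothing.
# Get-ExecutionPolicy -List returns the scopes in precedence order:
# MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine.
$scopes = @(Get-ExecutionPolicy -List)
$scopes | Format-Table Scope, ExecutionPolicy -AutoSize

# The first scope that is not Undefined decides whether a .ps1 file may run.
$effective = $scopes |
    Where-Object { $_.ExecutionPolicy -ne 'Undefined' } |
    Select-Object -First 1

if (-not $effective) {
    'No scope sets a policy; the Windows default for this OS version applies.'
}
elseif ($effective.Scope -like '*Policy') {
    # MachinePolicy and UserPolicy are delivered by Group Policy.
    "Set by Group Policy ($($effective.Scope)): $($effective.ExecutionPolicy). " +
        'Set-ExecutionPolicy at a lower scope will not take effect; change the GPO.'
}
else {
    "Effective policy: $($effective.ExecutionPolicy) (scope $($effective.Scope))"
}

# Narrower alternatives to a machine-wide change (pick one):
#   Set-ExecutionPolicy RemoteSigned -Scope CurrentUser
#   powershell.exe -NoExit -ExecutionPolicy RemoteSigned -File .\Change-Upn.ps1
# -NoExit keeps the console open after the script ends, so errors can be read.
```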
tabush (Author) Commented:
Thanks! Script works now