Solved

How to change the UPN set by default  to new users in Windows 2012 R2

Posted on 2016-11-19
7
25 Views
Last Modified: 2016-11-24
Hi Experts

1. I created a new DC
2. I decided to name it company.local
3. I now realise that I should have called it company.com to get it ready for future Azure integration

4. I added company.com as an Alternative UPN suffix in Active Directory Domains & Trusts
5. I now want to make sure that all new users created in the AD get the new UPN by default (without having to manually change it when adding the new object)

How can this be done?
* I went to Active Directory Users & Computers, right-click an OU, and in Attribute Editor, changed the value of uPNSuffixes to company.com. That does not seem to set this as a default value.

Alexandre
0
Comment
Question by:Alexandre Michel
7 Comments
 
LVL 2

Expert Comment

by:Pune Tech
ID: 41894738
0
 
LVL 21

Expert Comment

by:yo_bee
ID: 41894832
I do not think you are wrong for naming it .local. This is only for internal use and helps you segment the public from the private. Adding the UPN Suffix is the proper way of dealing with this in my opinion.

I had to do the same thing when I introduced O365 to the mix and it works fine.

The link posted for buck changing the UPN using powershell is the easiest way to accomplish this. It will also get you thinking of using scripts to do other mass changes or management in your AD.

Good luck
0
 
LVL 4

Author Comment

by:Alexandre Michel
ID: 41895131
@Pune Tech. Thanks for that. I found this powershell script too and used it. What it does is changing the UPN for EXISTING objects in the AD (though at the end I had to use a slightly different one of the -SearchBase switch wasn't accepted).

Anyway, the question I was asking is about setting the default UPN of NEW object, so that when a user is created, it is automaticallt assigned the new company.com UPN rather than the company.local UPN which then has to be manually changed (easy enough to do, I just want to make is seamless).

Any suggestions?
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 21

Expert Comment

by:yo_bee
ID: 41895134
I will only speculate, but that would be a domain name change if you want to do that.
0
 
LVL 4

Accepted Solution

by:
Kevin Stanush earned 500 total points
ID: 41896859
If you are using ADUC to create the user accounts, there isn't any method to change the default. ADUC will always default to the domain you are running it under to manage.  

There is another EE question for this here:

https://www.experts-exchange.com/questions/21422882/How-to-change-the-default-UPN-suffix.html

The solution to this question though, while it looked promising, did not work for me.  Essentially, you were to put in another UpnSuffix value at the OU level, but all this did for me was give me another option in the dropdown, and it did not change the default.  But its worth a try, if it does not work, just clear the attribute.

The only thing you can do (if the OU level upnsuffix does not work) is to make sure anyone that is creating user accounts knows how to set the alternate upn suffix you want, or create the users from a custom application/script that you can make do whatever you want.
0
 
LVL 21

Expert Comment

by:yo_bee
ID: 41896908
Here is a reason to use scripting to create users and you can template the scripts to automate group membership.
With scripting, you can control the UPN being used.
0
 
LVL 4

Author Closing Comment

by:Alexandre Michel
ID: 41900971
Thanks everyone for commenting. Most answers were confirming that it is not possible to automatically set the domain using the GUI . Sigh.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Recently, I was assigned the task of performing a hardware refresh in the datacenter. The previous Windows 2008 systems were connected to the SAN via fiber channel HBA’s and among other thing, had PowerPath installed in order to provide sufficient f…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now