Solved

How to change the UPN set by default  to new users in Windows 2012 R2

Posted on 2016-11-19
7
432 Views
Last Modified: 2016-11-24
Hi Experts

1. I created a new DC
2. I decided to name it company.local
3. I now realise that I should have called it company.com to get it ready for future Azure integration

4. I added company.com as an Alternative UPN suffix in Active Directory Domains & Trusts
5. I now want to make sure that all new users created in the AD get the new UPN by default (without having to manually change it when adding the new object)

How can this be done?
* I went to Active Directory Users & Computers, right-click an OU, and in Attribute Editor, changed the value of uPNSuffixes to company.com. That does not seem to set this as a default value.

Alexandre
0
Comment
Question by:Alexandre Michel
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 3

Expert Comment

by:Pune Tech
ID: 41894738
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 41894832
I do not think you are wrong for naming it .local. This is only for internal use and helps you segment the public from the private. Adding the UPN Suffix is the proper way of dealing with this in my opinion.

I had to do the same thing when I introduced O365 to the mix and it works fine.

The link posted for buck changing the UPN using powershell is the easiest way to accomplish this. It will also get you thinking of using scripts to do other mass changes or management in your AD.

Good luck
0
 
LVL 4

Author Comment

by:Alexandre Michel
ID: 41895131
@Pune Tech. Thanks for that. I found this powershell script too and used it. What it does is changing the UPN for EXISTING objects in the AD (though at the end I had to use a slightly different one of the -SearchBase switch wasn't accepted).

Anyway, the question I was asking is about setting the default UPN of NEW object, so that when a user is created, it is automaticallt assigned the new company.com UPN rather than the company.local UPN which then has to be manually changed (easy enough to do, I just want to make is seamless).

Any suggestions?
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 23

Expert Comment

by:yo_bee
ID: 41895134
I will only speculate, but that would be a domain name change if you want to do that.
0
 
LVL 6

Accepted Solution

by:
Kevin Stanush earned 500 total points
ID: 41896859
If you are using ADUC to create the user accounts, there isn't any method to change the default. ADUC will always default to the domain you are running it under to manage.  

There is another EE question for this here:

https://www.experts-exchange.com/questions/21422882/How-to-change-the-default-UPN-suffix.html

The solution to this question though, while it looked promising, did not work for me.  Essentially, you were to put in another UpnSuffix value at the OU level, but all this did for me was give me another option in the dropdown, and it did not change the default.  But its worth a try, if it does not work, just clear the attribute.

The only thing you can do (if the OU level upnsuffix does not work) is to make sure anyone that is creating user accounts knows how to set the alternate upn suffix you want, or create the users from a custom application/script that you can make do whatever you want.
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 41896908
Here is a reason to use scripting to create users and you can template the scripts to automate group membership.
With scripting, you can control the UPN being used.
0
 
LVL 4

Author Closing Comment

by:Alexandre Michel
ID: 41900971
Thanks everyone for commenting. Most answers were confirming that it is not possible to automatically set the domain using the GUI . Sigh.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question