Solved

How to change the UPN set by default to new users in Windows 2012 R2

Posted on 2016-11-19
Last Modified: 2016-11-24
Hi Experts

1. I created a new DC
2. I decided to name it company.local
3. I now realise that I should have called it company.com to get it ready for future Azure integration

4. I added company.com as an Alternative UPN suffix in Active Directory Domains & Trusts
5. I now want to make sure that all new users created in the AD get the new UPN by default (without having to manually change it when adding the new object)

How can this be done?
* I went to Active Directory Users & Computers, right-click an OU, and in Attribute Editor, changed the value of uPNSuffixes to company.com. That does not seem to set this as a default value.

Alexandre
0
Question by:Alexandre Michel
7 Comments
 
LVL 3

Expert Comment

by:Pune Tech
ID: 41894738
0
 
LVL 22

Expert Comment

by:yo_bee
ID: 41894832
I do not think you are wrong for naming it .local. This is only for internal use and helps you segment the public from the private. Adding the UPN Suffix is the proper way of dealing with this in my opinion.

I had to do the same thing when I introduced O365 to the mix and it works fine.

The link posted for bulk changing the UPN using PowerShell is the easiest way to accomplish this. It will also get you thinking of using scripts to do other mass changes or management in your AD.

Good luck
0
 
LVL 4

Author Comment

by:Alexandre Michel
ID: 41895131
@Pune Tech. Thanks for that. I found this PowerShell script too and used it. What it does is change the UPN for EXISTING objects in the AD (though at the end I had to use a slightly different one as the -SearchBase switch wasn't accepted).

Anyway, the question I was asking is about setting the default UPN of NEW objects, so that when a user is created, it is automatically assigned the new company.com UPN rather than the company.local UPN which then has to be manually changed (easy enough to do, I just want to make it seamless).

Any suggestions?
0
 
LVL 22

Expert Comment

by:yo_bee
ID: 41895134
I will only speculate, but that would be a domain name change if you want to do that.
0
 
LVL 5

Accepted Solution

by:
Kevin Stanush earned 500 total points
ID: 41896859
If you are using ADUC to create the user accounts, there isn't any method to change the default. ADUC will always default to the domain you are running it under to manage.  

There is another EE question for this here:

https://www.experts-exchange.com/questions/21422882/How-to-change-the-default-UPN-suffix.html

The solution to this question though, while it looked promising, did not work for me. Essentially, you were to put in another UpnSuffix value at the OU level, but all this did for me was give me another option in the dropdown, and it did not change the default. But it's worth a try; if it does not work, just clear the attribute.

The only thing you can do (if the OU level upnsuffix does not work) is to make sure anyone that is creating user accounts knows how to set the alternate upn suffix you want, or create the users from a custom application/script that you can make do whatever you want.
0
 
LVL 22

Expert Comment

by:yo_bee
ID: 41896908
Here is a reason to use scripting to create users and you can template the scripts to automate group membership.
With scripting, you can control the UPN being used.
0
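
A scripted creation path of the kind suggested in the answers above, as an added example that is not part of any poster's comment: a wrapper around `New-ADUser` that always sets the UPN suffix and refuses suffixes not registered in the forest. The suffix `company.com` comes from the question; the function name `New-CompanyUser`, the OU path and the sample user are hypothetical, and a single-domain forest is assumed.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not from the thread): create users with a fixed UPN suffix
# instead of relying on the ADUC default. Names and paths are hypothetical.

function New-CompanyUser {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $GivenName,
        [Parameter(Mandatory)] [string] $Surname,
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z0-9._-]+$')]        # keeps quotes out of the filter below
        [string] $SamAccountName,
        [Parameter(Mandatory)] [string] $Path,        # distinguished name of the target OU
        [Parameter(Mandatory)] [securestring] $Password,
        [string] $UpnSuffix = 'company.com'
    )

    # Accept only the domain DNS name(s) or a suffix added in Domains & Trusts
    $forest  = Get-ADForest
    $allowed = @($forest.UPNSuffixes) + @($forest.Domains)
    if ($allowed -notcontains $UpnSuffix) {
        throw "UPN suffix '$UpnSuffix' is not registered in forest '$($forest.Name)'."
    }

    $upn = "$SamAccountName@$UpnSuffix"

    # Refuse to create a second account with the same UPN (single domain assumed)
    if (Get-ADUser -Filter "UserPrincipalName -eq '$upn'") {
        throw "UPN '$upn' is already in use."
    }

    if ($PSCmdlet.ShouldProcess($upn, 'Create AD user')) {
        New-ADUser -Name "$GivenName $Surname" `
                   -GivenName $GivenName -Surname $Surname `
                   -SamAccountName $SamAccountName `
                   -UserPrincipalName $upn `
                   -Path $Path `
                   -AccountPassword $Password `
                   -ChangePasswordAtLogon $true `
                   -Enabled $true -PassThru
    }
}

# Constructed usage; -WhatIf shows what would be created without changing AD:
# $pw = Read-Host -AsSecureString 'Initial password'
# New-CompanyUser -GivenName 'Jane' -Surname 'Doe' -SamAccountName 'jdoe' `
#     -Path 'OU=Staff,DC=company,DC=local' -Password $pw -WhatIf
```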
 
LVL 4

Author Closing Comment

by:Alexandre Michel
ID: 41900971
Thanks everyone for commenting. Most answers were confirming that it is not possible to automatically set the domain using the GUI. Sigh.
0
