Modify UPN but not Logon name

Is it possible to modify the UserPrincipalName but leave the User Logon Name (samAccountName) unchanged in Active Directory?

We have many young students logging in with 'firstname lastname'.

I would like them to also log in with a UPN 'firstname.lastname@domain' as it is the same as their email but at the moment it is 'firstname lastname@domain'

Many thanks in advance

Mat
matedwardsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

FOXActive Directory/Exchange EngineerCommented:
Mat,
This is easily achievable via powershell.   First get the distinguished name of the OU your users reside in.
1. IN AD right-click the Users container>click properties>click attribute editor>highlight the distinguishedName>click view>copy the dn to clipboard or notepad

2.  Launch Powershell as an administrator and run the below command **paste your distinguishedname after -Searchbase and also put in your specific domain at the end of the command below where you see @pnl.com**

Import-Module ActiveDirectory
Get-ADUser -Filter "UserPrincipalName -like '* *'" -SearchBase 'OU=Test,DC=pnl,DC=com' | ForEach { Set-ADUser -Identity $_.SamAccountName -UserPrincipalName "$($_.GivenName).$($_.Surname)@pnl.com" }
0
matedwardsAuthor Commented:
Thanks Fox..  trying now...
0
matedwardsAuthor Commented:
Should it be ForEach-Object Fox.?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

FOXActive Directory/Exchange EngineerCommented:
Yes, if you would like to change all the users UPN to firstname.lastname in that OU, yes
0
matedwardsAuthor Commented:
I have created a test OU with just my user in it.. the UPN changed.. but I have ended up with a User Logon Name of mat.  (below)

USer-Logon-Name.JPG
Many thanks again for the help, Fox...
0
Kevin StanushApplication DeveloperCommented:
Did you set both the first and last name on the account?  Making bulk changes in AD is very powerful, but it should always be done very carefully so you don't have unintended outcomes.  Always list the prior values, along with any values that you are going to be getting the data from, and save these in case you need to roll back the changes.

I just posted a video a few minutes ago on how we do this:

https://www.youtube.com/watch?v=exR2FK7rQ44

While you can also do this interactively in Hyena instead of importing the changes, get a listing of all of the current upn and given names/surnames before running this on an entire OU.  And, have a backup too.
0
FOXActive Directory/Exchange EngineerCommented:
Which means that your user did not have a last name listed in the properties.  The surname in the script is your last name.  in your test OU create a user and give it a first name of John and a last name of Doe and do another test.
0
matedwardsAuthor Commented:
Thank you, Kevin

Very good points.

I have created a test OU with one user and the Get-ADUser -filter command ensures only that user is pulled out.

I would like to establish that it is actually possible to have 'firstname lastname'(with a space) as the user logon and 'firstname.lastname'(with a .) as the prefix of the UPN.

I take it Hyena is a paid AD manager?
0
matedwardsAuthor Commented:
Apologies Fox.. only just saw your post..

I have run it again and got firstname.lastname as the user logon name.

Is it not possible to keep a space and only have the . in the UPN.?
0
FOXActive Directory/Exchange EngineerCommented:
Mat,
You seem to have changed your original request.  You first stated that you want your users to have a UPN of firstname.lastname, now you are saying you want them to have a space.

Original request:

Is it possible to modify the UserPrincipalName but leave the User Logon Name (samAccountName) unchanged in Active Directory?

We have many young students logging in with 'firstname lastname'.

***I would like them to also log in with a UPN 'firstname.lastname@domain' as it is the same as their email but at the moment it is 'firstname lastname@domain'**

Many thanks in advance

Mat
0
Kevin StanushApplication DeveloperCommented:
Yes, Hyena is a paid solution, but we have a fully functional 30-day trial.
0
FOXActive Directory/Exchange EngineerCommented:
Mat,
The User logon name is your UserPrincipalName.  You have your desired results
0
matedwardsAuthor Commented:
Apologies for being unclear...

Their username has a space which means their existing UPN has a space.

Can I add a . only to their UPN?
0
FOXActive Directory/Exchange EngineerCommented:
Mat,
Please be clear on your desired results.  Do you want the UPN to be firstname.lastname@domain.com?
0
matedwardsAuthor Commented:
Please be clear on your desired results.  Do you want the UPN to be firstname.lastname@domain.com?

Yes, absolutely...
0
FOXActive Directory/Exchange EngineerCommented:
Ok
You have achieved that result with the script I supplied you

In AD the top User logon name is the UserPrincipalName
The bottom User logon name (pre-Windows 2000) is your samaccountname

For purposes of confirmation run this command on the user in question

Get-Aduser "theusername" -properties * | select UserPrincipalName, samaccountname
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
matedwardsAuthor Commented:
Ah, I have it wrong, the (pre-Windows 2000) is the samaccountname... sorry!!

I thought the first field was the samAccountName - doh!

So, that keeps a space and the UPN gets the[b] .[/b]

I've tried it and can tell the young students to continue logging in with a space, but it's actually with their (pre-Windows 2000), or their email (which is actually their UPN)

Many thanks for your help...
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.