Step-By-Step: Changing The UPN Suffix For An Entire Domain Via PowerShell

Some organizations require the use of multiple UPN suffixes for their operations. From time to time, these same organizations will have the requirement to do mass a UPN suffix change. I recently faced said challenge while changing the domain name suffix which ended with .local to a public domain name ending with .com. This needed to be done to address the requested upcoming Azure AD integration with the local AD. While the change can be preformed manually, the method may take ages to complete.

The following post will detail steps to harness PowerShell to automate the change.

In this example, the AD provided has 3 users under “Test OU” called user1 to user3. All 3 are using canitpro.local as the UPN suffix and need to be changed to the UPN suffix “rebeladmin.com”.

suffix1

Step 1:   Open PowerShell ISEwith appropriate admin permissions.

suffix2

Step 2: Type the following and hit enter when completed:

Import-Module ActiveDirectory
$oldSuffix = "canitpro.local"
$newSuffix = "rebeladmin.com"
$ou = "DC=canitpro,DC=local"
$server = "DCM1"
Get-ADUser -SearchBase $ou -filter * | ForEach-Object {
$newUpn = $_.UserPrincipalName.Replace($oldSuffix,$newSuffix)
$_ | Set-ADUser -server $server -UserPrincipalName $newUpn
}

 

NOTE:   $oldSuffix represents the old domain UPN suffix. $newSuffix represents the new UPN suffix. $ou represents the search path in which and IT professional can use a specific OU or an entire domain. The entire domain was utilized for this demo. $serverrepresents the DC server name.

suffix4

Step 3: Return to the Active Directory Users and Computer console to confirm the change.

suffix5