How to change the UPN on Windows domain

How to change the UPN on Windows domain.

When you are ready to migrate to o365 and realize that your domain is not routable because more than 10 years ago when the domain was created they used .local extension, now a lot of years later you have to fix it.

Another scenario is when the company A acquires Company B and its time to unify everything, you have to change UPN also.

In my opinion is more common the first scenario, the second one is an option though.

The process to complete this setting is as follow:

In your domain controller go to Active Directory Domains and Trusts

Right click on Active Directory domains and trusts and select properties

The UPN suffixes window will appear and here we can add an alternative Suffix as shown below:

Click on Add, then OK to register the alternative domain name.

Now we have another UPN suffix in our domain, we can change this domain name either to specific users or the whole domain users.

In this case lets change to a specific user. To do so, open Active Directory Users and Computers and find a user to change the UPN.

Right click and select properties, then click on Account tab and click on the domain name

As you can see on the figure, now we have available the new domain name, then select the new UPN suffix and click on OK.

Lets validate the change using PowerShell:

As you can see on the UPN attribute, we have now the correct domain name.

So, if you need to change the same for all users in your domain you can do in different ways.

Here you have an script to do so.

# How to change the UPN by Tony Gonzalez

#Lets create a variable to assign the users to affect.

#In case you can modify only few users, you can assign those users to this variable

$Users = Get-ADUser -Properties * -Filter * -SearchBase “OU=UK,DC=TonySolutions,DC=com”

#$Users = Get-ADUser -Properties * -Filter *

Write-Host “The total of users to change the UPN are: $($Users.Count)” -ForegroundColor Yellow

Write-Host “Are you sure to continue? (Y/N)” -ForegroundColor Yellow

$Continue = Read-Host

if($Continue -like ‘y’)

{

    foreach($User in $Users)

    {

        $NewUserUPN =  $User.UserPrincipalName.Replace(“TonySolutions.com”,”TonyGonzalez0379.com”)

        #Notification about the user we are working on

        $Name = $User.SamAccountName

        Write-Host “Working with $($Name)”

        #Applying the change

        Set-ADUser $Name -UserPrincipalName $NewUserUPN

        #Validating the change

        $Sam = $User.SamAccountName

        Get-ADUser $Sam -Properties UserPrincipalName

    }

}

else

{

 Write-Host “No changes made to the $($Users.Count) Users” -ForegroundColor Green

}

Thanks for reading!

Invite me a beer!

Choose an amount

$1.00
$3.00
$5.00

Your contribution is appreciated.

Donate

Gracias!

Obrigado!

Dhanyavaad!

How to count members in an Active Directory group using PowerShell

   There are different methods to get this information when the group is small, but the problem shows up when a group contains thousands of members.

The first cmdlet that I tried was:
$members = Get-ADGroupMember -Identity “Group Name”

The idea is execute the follow line:
$members.count

But I got this error: “The size limit for this request was exceeded”

And the same with the follow cmd lets:
  • Get-ADGroupMember -Identity “Group Name” > C:\Temp\members.txt (even exporting the result to a csv file).
  • Get-ADGroupMember -Identity “Group Name” | Measure-Object
  • Get-ADGroupMember -Identity “Group Name” | Measure-Object | select count

The command that worked properly for me was:
$members = Get-ADGroup -Identity “Group Name” -Properties Members
$members.count

I my case, I ran this command for a group that contains more than 7k members.