Modify UPN to match Primary SMTP address

 

You may have read a previous blog I wrote in which I explained a new feature in AADSync which allows you to use the Primary SMTP address as a username in Office 365, therefore allowing you to leave the UPN value unchanged. However this method is not without it’s problems, and during a recent Hybrid Deployment of Office 365 it was decided to instead change the UPN prefix and suffix to match the users Primary SMTP address.

The risk to be aware of here is that if one of your LOB applications or a Service Account is using the UPN for authentication, you will break authentication for this app/service.The customer in question was confident that this wasn’t the case, but just to be sure we changed the UPN for a few test users prior to rolling this change out.

To clarify, the users Pre-Windows 2000 and UPN logon prefixes were firstinitialsurname, for example, ECoates, whereas the Primary SMTP address was firstname.lastname@contoso.com, for example, Emily.coates@contoso.com. We wanted users to be able to login to Office 365 using their ’email address’, so we decided to change all UPNs to match. There are 2 commands that could be used to accomplish this. The end result of the commands was that the users UPN would be changed from ddixon@contoso.local to Emily.coates@contoso.com. We also only wanted to change to be made to user accounts with a Primary SMTP address specified.

Pre-Requisites

Either of the two below commands can be run to achieve this goal. However, before either of these commands are run, it is important to make sure that the UPN suffix you wish to be populated exists in AD Domains and Trusts. To do this, open AD Domains & Trusts, and right click on Properties.

ADDT

Then enter the required domain, such as contoso.com and click Add and Apply. This makes the alternate UPN suffix available for use in the domain.

Alternate UPN Suffix

The below commands need to be run from an elevated Exchange Management Shell prompt. It is up to you which to run.

Command 1

This command finds all users who have a Primary SMTP address and then sets the UPN to be identical to this. It will ignore any user who does not have a Primary SMTP Address.

$users = Get-User | Where {-Not [string]::IsNullOrEmpty($_.WindowsEmailAddress) } 
$users | ForEach {Set-User –Identity $_.Guid.ToString() –UserPrincipalName $_.WindowsEmailAddress.ToString()}

I found this command to be a little hit or miss, but this may be due to the size of the user base I was working with.

Command 2

This command finds all users who have the specified UPN suffix (such as a non-routable suffix like contoso.local) and changes their UPN to match their Primary SMTP address. If a user has no Primary SMTP address, it will not change the properties of that user.

$users = Get-User –Filter {(UserPrincipalName –like '*@contoso.local')} 
$users | ForEach {Set-User –Identity $_.Guid.ToString() –UserPrincipalName $_.WindowsEmailAddress.ToString()}

My personal preference is to use Command 2 as I had the most success with it, however I would love to hear your feedback on which one worked best for you!

Once you have run the command you can then use the following command to discover if any users were not successfully modified:

Get-User –Filter {(UserPrincipalName –like '*@contoso.local')}

Edit

I have also used the following command after having some problems with command 2 on Exchange 2013 (errors regarding the filter expression):

$mbxs = Get-Mailbox | Where {$_.UserPrincipalName -like '@contoso.local'}
$mbxs | ForEach {Set-User –Identity $_.Guid.ToString() –UserPrincipalName $_.WindowsEmailAddress.ToString()}

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s