Blog, thoughts and scribbles of an IT Guy all about Cloud!

Read the blog!

Changing the UPN Suffix on User Accounts

In my previous article we added the UPN Suffix to Active Directory Domains and Trusts, you can find that article here.

In this article we will changing the UPN suffix for my user accounts in my lab. There are two ways we can do this, Manually or via PowerShell.


To do this manually we need to follow these steps.

  1. Open “Active Directory Users & Computers”
  2. Find the User account you wish to change, in my scenario lets change “Chris Green”, right click on the AD account and select “Properties”
  3. Click on the “Account” tab
  4. Under “User Logon Name” you will see the users logon name and the current UPN Suffix that has been set, in my case its @365DEMOLAB.local
  5. Simply click on the list and select the new UPN Suffix and Click apply and close the window.

If you are doing a large amount of users in bulk it will be easier to use PowerShell. The process is simple, utilising variables and the Get-ADUser and Set-ADUser, we can change the suffix for specific users or all users in OU (Organisational Unit) or even every user in the domain.

In my example i will be doing to all my users in the “365DemoLab Users” OU.

Firstly on a machine that has the Active Directory PowerShell Module installed we need to import the module into our PowerShell session.

  1. Open PowerShell and type the following


    Import-Module ActiveDirectory

  2. Using the Get-ADUser command and a couple of parameters we are going to store the results into a variable called $users, just to make sure we return what we expect to be right targeted users


  3. Run the variable $users, as you can see the UserPrincipalName is set to 365DEMOLAB.local
  4. Define the old UPN Suffixes and new UPN Suffixes into variables, note: these are CASE SENSITIVE.. so if you results from the previous step show the UPN in UPPERCASE, make sure you create the matching variable.

  5. Using the variable we created in the previous step $users, we are going to pipe that into the set command with the following line

    This will for each User defined in $users, find their UPN ($oldSuffix) and replace it ($newSuffix) and using the set-aduser, apply it.

How do we know this worked?

Well if you go back into AD Users and Computers and select one of the users from the $users variable and check out their Account settings, you should see the new UPN applied.

You can also check via PowerShell by running the following command


In summary, we applied the newly added UPN to user accounts using two methods, manually and via PowerShell. This brings us one step closer to synchronising AD with Azure and Office 365!