Create a new UPN and use it as default for all your users

If you want, for example, to enable Autodiscover for your mail clients, the users need to have their e-mail address as their username, and therefore the UPN (User Principal Name) has to be changed from domain\user to

Here is how to do this in Active Directory, and then how to change it via PowerShell on all the user accounts that have already been created.

  1. Open Active Directory Domains and Trusts
  2. Right-click “Active Directory Domains and Trusts” and choose “Properties”
  3. Now add the mail domain name to it:
  4. Press OK and you’re done with this part.
  5. Now all the users that are already on the system need to have their default UPN replaced. This can be achieved with a PowerShell script:
    # Import the ActiveDirectory module
    Import-Module ActiveDirectory
    # Insert the old UPN suffix here
    $oldSuffix = "domain.local"
    # Insert the new UPN suffix here
    $newSuffix = ""
    # Replace with the OU you want to change suffixes for
    $ou = "OU=Users,DC=domain,DC=local"
    # Replace with the name of one of your AD servers
    $server = "dc01.domain.local"
    # Stop if the new suffix was left empty, otherwise every UPN would lose its domain part
    if (-not $newSuffix) { throw 'Set $newSuffix before running this script.' }
    # Now replace the suffix on each user account in the OU
    Get-ADUser -SearchBase $ou -Filter * -Server $server | ForEach-Object {
        $newUpn = $_.UserPrincipalName.Replace($oldSuffix, $newSuffix)
        $_ | Set-ADUser -Server $server -UserPrincipalName $newUpn
    }

    Copy the above script to a .ps1 file and run it from PowerShell; you should then see that the default domain has been changed on each user account 😉
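
A more cautious way to run the same bulk change, shown as an added example that is not part of the original post: it checks that the new suffix is registered in the forest, saves the current UPNs to a CSV for rollback, and runs with -WhatIf until you remove it. The suffix mail.example.com and the backup path are placeholders; the other values are the sample ones from the script above.

```powershell
# Added example: audit-first variant of the suffix change, with a rollback file.
Import-Module ActiveDirectory

$oldSuffix = "domain.local"                  # sample value from the article
$newSuffix = "mail.example.com"              # placeholder, use your own mail domain
$ou        = "OU=Users,DC=domain,DC=local"   # sample value from the article
$server    = "dc01.domain.local"             # sample value from the article
$backup    = ".\upn-backup.csv"              # assumed path for the rollback file

# 1. The new suffix must already be registered in the forest (steps 1-4 above).
$forest = Get-ADForest -Server $server
if ($forest.UPNSuffixes -notcontains $newSuffix) {
    throw "UPN suffix '$newSuffix' is not registered in forest $($forest.Name)."
}

# 2. Select only users whose UPN ends with the old suffix (case-insensitive),
#    so accounts without a UPN or with another suffix are left alone.
$pattern = '@' + [regex]::Escape($oldSuffix) + '$'
$users = Get-ADUser -SearchBase $ou -Filter * -Server $server |
    Where-Object { $_.UserPrincipalName -match $pattern }

# 3. Record the current values before changing anything.
$users | Select-Object DistinguishedName, SamAccountName, UserPrincipalName |
    Export-Csv -Path $backup -NoTypeInformation -Encoding UTF8

# 4. Apply the change. Keep -WhatIf for a dry run; remove it to commit.
foreach ($user in $users) {
    $newUpn = $user.UserPrincipalName -replace $pattern, "@$newSuffix"
    # A UPN should be unique; this lookup covers the domain served by $server only.
    $clash = Get-ADUser -Filter "UserPrincipalName -eq '$newUpn'" -Server $server
    if ($clash) {
        Write-Warning "Skipping $($user.SamAccountName): $newUpn is already in use."
        continue
    }
    Set-ADUser -Identity $user -Server $server -UserPrincipalName $newUpn -WhatIf
}

# Rollback (run only if needed): restore each UPN from the CSV.
# Import-Csv $backup | ForEach-Object {
#     Set-ADUser -Identity $_.DistinguishedName -Server $server -UserPrincipalName $_.UserPrincipalName
# }
```

Keep the CSV somewhere access-controlled, since it lists every account name in the OU.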


  1. Matthew Moynahan

    While we realize that this UPN change can be done in bulk for existing users, is there a way to change the default MS AD behavior to alter the default domain/userid to a UPN like Dept/userid or even better a routable address like

    I am not aware of a method to do this upon account creation other than changing the underlying Domain Name.


    1. Martin (Post author)

      Hi Matt,

      Well, I am not aware of anything that can be set on the domain by default. From my point of view, it will always be the domain of your AD that will be the default, but you can add your users with the PowerShell command “SET-ADUser”; from here you create the new user and at the same time set the user's default logon name.
      That’s the only workaround I’m aware of.

      Have a great day 😉

      best regards

  2. MSTechnicalr

    Kind of annoying, considering they recommend for new AD domains. I see why people use for their internal domain. I am forced to use a template account or a scheduled task to fix it.

