Javascript required
Skip to content Skip to sidebar Skip to footer
Home / Changing Upn Login Name - Linux Implications? Updated FREE

Changing Upn Login Name - Linux Implications? Updated FREE

Changing Upn Login Name - Linux Implications?

KB ID 0001238

Problem

Changing a users UPN suffix is easy (every bit long as it's been added – see beneath). There is some defoliation most the User Login Name though.

UPN and sAMAccountName

A few weeks ago I had a client that needed this washed, (for an office 365 migration). But they had the added trouble that some of their User Logon Names had spaces in them, they were in first-proper name{space}concluding-name format.

What would happen if I inverse their user logon names? Would they have to use a dissimilar logon name? Would their profile suspension? Or worse all the same, would they all lose their roaming profiles?

 Solution

Adding A New UPN Suffix

Before you can add a new UPN suffix you need to make it available in the domain. Administrative Tools > Active Directory Domains and Trusts > Right Click 'Active Directory Domains and Trusts'  > Properties > Add the new Suffix  >Apply > OK.

Add a New UPN Suffix

From this point forward you can add that as a new suffix for any/all users.

The Event of Changing a User Logon Name

Using the aforementioned user equally higher up, I've changed the 'User Logon Proper name', and added the new UPN Suffix to exam.

Change a Users UPN

How Does Irresolute a User Logon Name Affect Profile and Home Drive Paths?

Put simply it does non! To prove it I did some testing. The profile and dwelling house drive path of this user's is attack the 'contour' tab of their user object.

UPN Changes and Profile Paths

It remains the same afterward the User Logon Name changes. When these users were setup the contour paths and home drive paths were all fix 'on mass', by selecting multiple users and setting the path to \\server-name\folder-name\%username% and it fills in all the 'usernames' with the sAMAccountName and that has not changed.

Does the User Have to Alter their Logon Proper noun?

Confusingly users don't log on with their User Logon Proper name (Ordinarily, but they can if they wanted to) from all the manner back to NT4 we accept logged on with the DOMAIN-Proper noun\USER-NAME format which uses the sAMAccountName, Not the User Logon Name. If you wait at the very first flick at the pinnacle of the folio yous tin see that below the UPN. Its chosen the User proper noun (pre-Windows 2000). Y'all may not of even have noticed, but on Windows 10 they put this correct in your face on the logon screen.

Logon Names and UPN

Whats the Point of a UPN So?

You tin can actually authenticate, and log on with your UPN, (see beneath)

Logon with UPN

This logs on as the user in the example above with the correct profile, and grouping membership etc. Though information technology's non mutual do to logon with a UPN. Microsoft At present Have a Very BAD HABIT of telling users, (and putting in their documentation), to 'Log on with your Email Accost' This is wrong, you really are logging on with your UPN, Microsoft are making the assumption, that your Email and UPN are the same. This is why blogs and forums are full of scripts to modify your UPN so that it matches your email accost. They presume, (usually quite rightly, that if you lot tell users to log on with their UPN they will be confused and not know what that is). And so rather than address this problem, they tell users to log on with their Electronic mail addresses. That's the real reason nosotros are talking about changing UPN's, and probably why your here in the first place.

Some Users Don't Have UPN'south?

This is normal, don't panic, a user does not have to take a UPN, if you are seeing blank entries that user was probably migrated via a script or tool into your AD, or simply was migrated from an older version of Advertizement as part of a domain upgrade.

So Cipher Bankrupt?

No, the local cached re-create of the profile is still named the same every bit the sAMAccountName;

Local Cached Policy Name

And the roaming profile and dwelling drive too stayed the same;

Roaming Profile UPN Change

Warning: But so I don't do the same thing Microsoft did and 'Make an Assumption'. Where irresolute the User Logon Names would affect you is if users were already logging into their machines with their UPN, Then they would need to change their login names to the new UPN, (or use the pre-Windows 2000 login proper name). But I've never seen a user logon with a UPN, the but fourth dimension I've ever logged onto something with a UPN, is when I can't type a dorsum slash to log on as DOMAIN\Username (I employ a Mac).

Remove Spaces From User Logon Names

Seriously who does this? I don't fifty-fifty like spaces in folder names! Beneath is a PowerShell script that volition search through Advertizing and find users with a space in the middle of their logon proper noun and replace the login proper name with firstname.lastname

Change the values in blood-red.

Import-Module ActiveDirectory Become-ADUser -Filter "UserPrincipalName -like '* *'" -SearchBase 'OU=Test,DC=pnl,DC=com' | ForEach { Set-ADUser -Identity $_.SamAccountName -UserPrincipalName "$($_.GivenName).$($_.Surname)@pnl.com" }

Annotation: If you accept users with spaces in their GivenName or Surname attributes in AD this wont work, i.e if AD thinks a users commencement name is Juan Carlos, and the Surname is Rodriquez, then it would modify the user logon name to 'Juan Carlos.Rodriquez' which is the very trouble nosotros are trying to prepare! Also the first name and surname fields in AD have to have properties in them also, or you will see red errors.

Change UPN Suffix For All Users Script

In the script beneath I've targeted a specific OU, but you can change the $ou parameter to point at the root of the domain, and practice all users at once if you lot wish. Modify the values in red to suit your domain.

Import-Module ActiveDirectory $oldSuffix = "pnl.com" $newSuffix = "petenetlive.com" $ou = "OU=Examination,DC=pnl,DC=com" $server = "DC-01" Get-ADUser -SearchBase $ou -filter * | ForEach-Object { $newUpn = $_.UserPrincipalName.Replace($oldSuffix,$newSuffix) $_ | Fix-ADUser -server $server -UserPrincipalName $newUpn }

Related Articles, References, Credits, or External Links

PowerShell – Update All Domain Users With Email Accost From UPN

PowerShell – Updating Users Electronic mail Addresses In Active Directory

Changing Upn Login Name - Linux Implications?

DOWNLOAD HERE

Source: https://www.petenetlive.com/KB/Article/0001238

Posted by: hogananabrons1942.blogspot.com