Learn What IT Pros Need to Know About Windows 11 - August 24th at 1 PM ET! Learn What IT Pros Need to Know About Windows 11 - August 24th at 1 PM ET!
Active Directory

How to Add UPN Suffixes in Active Directory

In this Ask an Admin, I’ll explain what User Principal Name (UPN) suffixes are and how to add them to your Active Directory infrastructure. UPN suffixes form part of Active Directory (AD) logon names. For example, if your logon name is [email protected], the part of the name to the right of the ampersand is known as the UPN suffix (so, in this case ad.contoso.com).

Editor’s Note: If you need a quick primer on what UPN is from a Microsoft perspective, an article about UPN on the Windows Developer Network elaborates:

“This attribute contains the UPN that is an Internet-style login name for a user based on the Internet standard RFC 822. The UPN is shorter than the distinguished name and easier to remember. By convention, this should map to the user email name. The value set for this attribute is equal to the length of the user’s ID and the domain name.”

When you configure a new user account in AD, you are given the option to select a UPN suffix, which by default will be the DNS name for your AD domain. There are situations where it can be useful to have a selection of UPN suffixes available. If your AD domain name is ad.contoso.com, it might be more convenient to assign users a UPN suffix of contoso.com. To make additional UPN suffixes available, you need to add them to AD.

Sponsored Content

Read the Best Personal and Business Tech without Ads

Staying updated on what is happening in the technology sector is important to your career and your personal life but ads can make reading news, distracting. With Thurrott Premium, you can enjoy the best coverage in tech without the annoying ads.

Adding a UPN Suffix to Active Directory

The following instructions apply to Windows Server 2012 and later editions.

  • Log in to Windows Server with a domain administrator account.
  • Open Server Manager using the icon on the desktop taskbar, or from the Start screen.
  • Select Active Directory Domains and Trusts from the Tools menu.
  • In the Active Directory Domains and Trusts management console, right-click Active Directory Domains and Trusts in the left pane and select Properties from the menu.
  • In the dialog box on the UPN Suffixes tab, type the name of the suffix that you would like to add to your AD forest in the Alternate UPN suffixes box. Click Add and then OK.
  • Close the Active Directory Domains and Trusts console.

Choose a UPN when configuring an new user in Active Directory

Now when you add a new user account to Active Directory, you should see the new UPN suffix available in the list when setting the username.

If you still have questions about the care and feeding of UPN, Microsoft Technet has an extensive article on naming conventions in Active Directory. If you have other issues with UPN in your IT environment, I’d suggest that you take a look at the Petri forums, which include discussion of such UPN topics as having multiple UPNs in your AD forest, or creating a custom UPN suffix for an OU. My Petri IT Knowledgebase colleague John O’Neill, Sr., also touches on UPN configuration in his article about integrating active directory with Office 365

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.

Register for Advanced Microsoft 365 Day!

GET-IT: Advanced Microsoft 365 1-Day Virtual Conference - Live August 24th!

Join us on Tuesday, August 24th and hear from Microsoft MVPs and industry experts about how to take advantage of Microsoft 365 at a technical level and dive deep into the features and functionality that will make your environment more secure and compliant.


Sponsored By