How to Add UPN Suffixes in Active Directory
In this Ask an Admin, I’ll explain what User Principal Name (UPN) suffixes are and how to add them to your Active Directory infrastructure. UPN suffixes form part of Active Directory (AD) logon names. For example, if your logon name is [email protected], the part of the name to the right of the ampersand is known as the UPN suffix (so, in this case ad.contoso.com).
Editor’s Note: If you need a quick primer on what UPN is from a Microsoft perspective, an article about UPN on the Windows Developer Network elaborates:
“This attribute contains the UPN that is an Internet-style login name for a user based on the Internet standard RFC 822. The UPN is shorter than the distinguished name and easier to remember. By convention, this should map to the user email name. The value set for this attribute is equal to the length of the user’s ID and the domain name.”
When you configure a new user account in AD, you are given the option to select a UPN suffix, which by default will be the DNS name for your AD domain. There are situations where it can be useful to have a selection of UPN suffixes available. If your AD domain name is ad.contoso.com, it might be more convenient to assign users a UPN suffix of contoso.com. To make additional UPN suffixes available, you need to add them to AD.
Adding a UPN Suffix to Active Directory
The following instructions apply to Windows Server 2012 and later editions.
- Log in to Windows Server with a domain administrator account.
- Open Server Manager using the icon on the desktop taskbar, or from the Start screen.
- Select Active Directory Domains and Trusts from the Tools menu.
- In the Active Directory Domains and Trusts management console, right-click Active Directory Domains and Trusts in the left pane and select Properties from the menu.
- In the dialog box on the UPN Suffixes tab, type the name of the suffix that you would like to add to your AD forest in the Alternate UPN suffixes box. Click Add and then OK.
- Close the Active Directory Domains and Trusts console.
Now when you add a new user account to Active Directory, you should see the new UPN suffix available in the list when setting the username.
If you still have questions about the care and feeding of UPN, Microsoft Technet has an extensive article on naming conventions in Active Directory. If you have other issues with UPN in your IT environment, I’d suggest that you take a look at the Petri forums, which include discussion of such UPN topics as having multiple UPNs in your AD forest, or creating a custom UPN suffix for an OU. My Petri IT Knowledgebase colleague John O’Neill, Sr., also touches on UPN configuration in his article about integrating active directory with Office 365
More in Active Directory
Apple's M2 Ultra Mac Pro Completes the Mac Transition to Apple Silicon
Jun 6, 2023 | Laurent Giret
Microsoft Starts Testing New Search Experience in Word, Excel, and PowerPoint for Mac
Jun 2, 2023 | Rabia Noureen
Microsoft Releases Cross-Tenant Synchronization for Seamless Azure AD B2B Collaboration
May 31, 2023 | Rabia Noureen
Nvidia Announces New Hardware and Services for Enterprise AI at Computex
May 30, 2023 | Laurent Giret
Microsoft Lets IT Admins Remove Internet Explorer References From Windows 10
May 19, 2023 | Rabia Noureen
Managing Group Policy Objects: Create GPOs, Link GPOs, and Edit GPOs
Apr 28, 2023 | Michael Reinders
Most popular on petri