After this question, it became glaringly obvious that it was a huge oversight for our clients' user experience. If a user knows their email and password, why should they have to call up IT to configure their emails on the phone?
Simple fix. User Principal Name (UPN) Suffix.
There are 2 steps required. First add the new UPN suffix in Domains and Trusts, and then set it as the default, for the users. As I was in the process of rolling it out to all of our clients, I deemed it worth my time to investigate a script to create the new UPN suffix, and then set it by default, per OU.
So, there is no way to set the default UPN to anything other than the canonical name, in the domain. You can change the domain, and perhaps that might be worth looking into for your circumstance, but for me and my clients, definitely not worth the headache. That aside, this is really the only thing that I can see that would benefit from that.
There are 2 sections: 1 to add the UPN suffix, the other to set it based on OU. You can apply it to the root of AD, but I think best practice would be to treat this like GPOs, and apply it only to the OU where it's required. This also allows modular management, if you have multiple accepted domains in Exchange, with multiple defaults for different users.
If you run this from the Active Directory Module for PowerShell, you do not need the top line.
I’ve made bold all the bits that are variable.
Side note: I have not tested the 2 sections in the same script yet.
Import-Module ActiveDirectory

#Create new UPN.
Set-ADForest -Identity garhar.local -UPNSuffixes @{Add="garhar.com"}

#Current/old suffix
$old = 'garhar.local'
#new suffix
$new = 'garhar.com'
#targeted OU
$ou = "OU=Users,OU=Test,DC=garhar,DC=local"
#AD server
$server = "DC01"

Get-ADUser -SearchBase $ou -filter * | ForEach-Object {
    #Build the new UPN in its own variable so $new keeps the suffix for the next user
    $newUpn = $_.UserPrincipalName.Replace($old,$new)
    $_ | Set-ADUser -server $server -UserPrincipalName $newUpn
}
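A preview-first variant of the per-OU step, added here as an example and not the author's script: it confirms the suffix is registered on the forest, rewrites only UPNs that end in the old suffix, skips values another account already holds, and runs Set-ADUser with -WhatIf until `$apply` (a hypothetical variable) is set to `$true`. Domain, OU and server names are the sample values from the post.

```powershell
# Added example: preview-first UPN suffix change for one OU.
# Domain, OU and server names are the sample values used in the post.
Import-Module ActiveDirectory

$old    = 'garhar.local'
$new    = 'garhar.com'
$ou     = 'OU=Users,OU=Test,DC=garhar,DC=local'
$server = 'DC01'
$apply  = $false   # hypothetical switch: leave $false to preview with -WhatIf

# Stop early if the new suffix has not been registered on the forest.
$forest = Get-ADForest -Identity $old -Server $server
if ($forest.UPNSuffixes -notcontains $new) {
    throw "UPN suffix '$new' is not registered on forest '$($forest.Name)'."
}

# Match the old suffix only at the end of the UPN, ignoring case.
$pattern = '@' + [regex]::Escape($old) + '$'

$report = foreach ($user in Get-ADUser -SearchBase $ou -Filter * -Server $server) {
    $current = $user.UserPrincipalName
    # Skip accounts with no UPN and accounts that do not use the old suffix.
    if (-not $current -or $current -notmatch $pattern) { continue }

    $target = $current -replace $pattern, "@$new"

    # Skip a target UPN that another account already holds.
    # This lookup only covers the domain served by $server.
    $clash = Get-ADUser -Filter { UserPrincipalName -eq $target } -Server $server

    if ($clash) {
        $status = 'Skipped: UPN already in use'
    } else {
        Set-ADUser -Identity $user -Server $server -UserPrincipalName $target -WhatIf:(-not $apply)
        $status = if ($apply) { 'Changed' } else { 'Preview only' }
    }

    # One row per candidate account, kept as a record of the change.
    [pscustomobject]@{
        User   = $user.SamAccountName
        Old    = $current
        New    = $target
        Status = $status
    }
}

$report | Format-Table -AutoSize
```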
That's brilliant. Thanks mate.