+ Post New Thread
Results 1 to 10 of 10
Cloud Services Thread, Office365 and UPN suffixes in Technical; This is a "can you just check I've got this right?" post. Our current UPNs are of the format username@subdomain.school.region.sch.uk ...
  1. #1


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,628
    Thank Post
    275
    Thanked 777 Times in 604 Posts
    Rep Power
    223

    Office365 and UPN suffixes

    This is a "can you just check I've got this right?" post.

    • Our current UPNs are of the format username@subdomain.school.region.sch.uk
    • Our internal domain is subdomain.school.region.sch.uk
    • Our embryonic Office365 is using our school.region.sch.uk domain.
    • Our email addresses are of the format username@school.region.sch.uk, with aliases for first.last@school.region.sch.uk


    From what I can glean from the documentation* and various blogs, I need to configure an alternate UPN suffix of school.region.sch.uk and apply that to any accounts in OUs that I'm including in DirSync.


    However, If I didn't add the UPN suffix and change the UPN of any accounts I want to include in Office365 would it...

    Give me an Office365 username of:

    username@subdomain.school.region.sch.uk
    username@school.region.sch.uk
    username@whateverIpicked.onmicrosoft.com

    ?

    (I'm asking because we've got a couple of bits of software that are (IIRC) picky about changed UPNs.)

    *which has gaps you could drive wildebeest through.

  2. #2

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,331
    Thank Post
    622
    Thanked 1,578 Times in 1,415 Posts
    Rep Power
    413
    It'd be whatever you've picked.onmicrosoft.com

    Unless you had added your current domain and validated it which you can't do unless it's internet accessible.

    Ben

  3. Thanks to plexer from:

    pete (12th November 2013)

  4. #3

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,331
    Thank Post
    622
    Thanked 1,578 Times in 1,415 Posts
    Rep Power
    413
    If you want to sync using your email domain then yes you need to configure it as an alternative upn suffix and change your uses accounts to use it.

    Do this before you run a sync as it's a pain to change afterwards.

    Ben

  5. Thanks to plexer from:

    pete (12th November 2013)

  6. #4


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,628
    Thank Post
    275
    Thanked 777 Times in 604 Posts
    Rep Power
    223
    Cheers.

    Now I need to go audit all the stuff talking to AD to see how it handles an UPN change.

  7. #5

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,331
    Thank Post
    622
    Thanked 1,578 Times in 1,415 Posts
    Rep Power
    413
    Most stuff probably just references the sAMAccountName so I doubt it'll make any difference.

    Ben

  8. #6

    Edu-IT's Avatar
    Join Date
    Nov 2007
    Posts
    7,113
    Thank Post
    403
    Thanked 619 Times in 566 Posts
    Rep Power
    180
    You could, I think, if you needed to, don't change your UPN but just add in alias email addresses for your school domain? I am sure there's a Powershell to do that in bulk.

  9. Thanks to Edu-IT from:

    pete (13th November 2013)

  10. #7

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,331
    Thank Post
    622
    Thanked 1,578 Times in 1,415 Posts
    Rep Power
    413
    adding it as an smtp address may indeed work but I haven't tested that.

    Ben

  11. Thanks to plexer from:

    pete (13th November 2013)

  12. #8

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,037
    Thank Post
    160
    Thanked 908 Times in 712 Posts
    Blog Entries
    3
    Rep Power
    270
    Hi,

    The UPN that you choose with in essence be the User ID assigned to the user when they login to Microsoft Office 365, generally people try to keep this the same as the Primary SMTP to keep things simple for the end users so that they don't have to remember another (email type address) as we all know a lot of people struggle to remember their actual email address due to how long they are in some case! :-)

    So, You will need to do the due-diligence to ensure none of your third party applications rely on the UPN Attribute within Active Directory but my guess is that they would use the SamAccountName to be honest.

    You would add the UPN Suffix into Domains & Trusts, You would then assign the users across your organization with the new UPN Suffix. (this script may help with that)

    #Replace with the old suffix
    $oldSuffix = 'old.suffix'

    #Replace with the new suffix
    $newSuffix = 'new.suffix'

    #Replace with the OU you want to change suffixes for
    $ou = "DC=sample,DC=domain"

    #Replace with the name of your AD server
    $server = "domain controller"

    Get-ADUser -SearchBase $ou -filter * | ForEach-Object {
    $newUpn = $_.UserPrincipalName.Replace($oldSuffix,$newSuffix )
    $_ | Set-ADUser -server $server -UserPrincipalName $newUpn
    }
    When you run the directory sync, your users then will have a User ID as above (UPN) and they will also have this as an SMTP Attribute. You can add further Proxy Addresses if you wish to these user accounts in bulk by using the following PowerShell command: {remember to create a CSV File, which uses the below headers}

    Import-CSV C:\UserList.CSV | ForEach {$user = Get-ADUser $_.UserPrincipalName -property proxyAddresses | $user.ProxyAddresses = @{Add=$_.EmailAddresses | Set-ADuser -Istance $user}}
    I hope that helps,

    James.

  13. Thanks to EduTech from:

    pete (13th November 2013)

  14. #9
    Cache's Avatar
    Join Date
    Apr 2008
    Location
    Cumbria
    Posts
    1,202
    Thank Post
    449
    Thanked 173 Times in 170 Posts
    Blog Entries
    3
    Rep Power
    63
    I know it's not the most efficient way, but I currently manually activate the new accounts and at that point also change the UPN from the onmicrosoft.com domain to the school email domain.

    Doing them in bulk makes this less time consuming, however means I haven't had to alter anything in AD.

  15. #10
    Marshall_IT's Avatar
    Join Date
    Jul 2011
    Location
    Leeds
    Posts
    445
    Thank Post
    69
    Thanked 55 Times in 46 Posts
    Blog Entries
    1
    Rep Power
    17
    I used wise soft bulk ad to do the prep work in ad, the only thing I wish id done and I still might, is add the exchange custom attributes, but running the start of an exchange installer seems a not so great way to do this.

    I changed the pun suffix to match my email address, however we want a specific email address format and I didn't really fancy changing everyone's usernames to match this format.

    So my staff have a username example shj@domain.co.uk

    And an email address j.smith@domain.co.uk

    My students have the same user and email which is much simpler.

    I would really advise getting the work done in ad first, now I have a script set to run automatically which assigns licenses, set locale etc for new users just after each sync.

SHARE:
+ Post New Thread

Similar Threads

  1. Office365 and shared calendars
    By djones in forum Cloud Services
    Replies: 4
    Last Post: 13th May 2014, 03:00 PM
  2. office365 add new UPN question and other Dirsync woes
    By RabbieBurns in forum Cloud Services
    Replies: 1
    Last Post: 15th July 2013, 07:19 PM
  3. Chromebooks and Office365
    By fiza in forum Hardware
    Replies: 21
    Last Post: 20th December 2012, 11:35 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •