Assign A UPN Public Domain Suffix In Active Directory

UPN stands for User Profile Name. As a part of configuring Hybrid Search for SharePoint 2016 and synchronizing the Local Active Directory with Office 365, we have to register a public domain with Office 365. You can see how to register the public domain here. For configuring Cloud Hybrid Search in SharePoint 2016, there is a requirement that UPN domain suffix in the Active Directory domain, where Active Directory Services are configured,  matches the public domain that was created and registered with Office 365. The Active Directory can be in an On Premise Server or it can be in a virtual machine, hosted in Azure. Let’s see how we can assign a UPN to the local Active Directory and update it for the multiple users within the Active Directory.

In my existing configuration, I have hosted SharePoint Services in Azure and I have set up Azure Directory Services in a virtual machine. In my case, it is hosted in the Server VM01-AzureAD. Select 'Active Directory Domain and Trusts' from the Server hosting the active directory.

Right click the on the root and select Properties.

This will open up the Window, where we can specify the UPN suffix. Specify the public domain, which we had registered earlier with Office 365 here. Click Add.

Now, head over to the 'Active Directory Users and Computers'.

Updating the UPN for a Single User

Select the user names, whose UPN you would like to change. If the number of accounts is less, we can do it manually by editing the user login name and updating the new UPN. By default, as it opens up, it will show the existing local domain, which is, given below.

We have to change it to (My Public Domain). Click apply.

Updating the UPN for Multiple users

However, if there are multiple users, doing it manually for each user is cumbersome. In such a case, we can use PowerShell. Spin up PowerShell as an administrator and run the command, given below, which will give us the users in the domain and their details

Get-ADUser -SearchBase $DN -filter *

As you can see, the UPN of the AD users is currently

Run the below script to get the distinguished name of the domain controller which we will need to use in the PowerShell script.

Get-ADComputer $env:COMPUTERNAME | Get-ADPrincipalGroupMembership

Run the script, given below to change the existing UPN ( to the new UPN. 

( The script, given below, will fetch each user from the current domain and replace UPN with a new value, using the Set-ADUser command.

  1. Import-Module ActiveDirectory  
  3. $existingUPNSuffix = ""  
  4. $newUPNSuffix = ""  
  5. $DN = "DC=AzureAD,DC=Contoso,DC=com"  
  6. $ADServer = "VM01-AzureAD"  
  7. Get-ADUser -SearchBase $DN -filter * | ForEach-Object {  
  8. $newUPN = $_.UserPrincipalName.Replace($existingUPNSuffix,$newUPNSuffix)  
  9. $_ | Set-ADUser -server $ADServer -UserPrincipalName $newUPN  
  10. }  

Post running of the script, mentioned above, let’s see if UPN has changed. Run Get-ADUser command to retrieve the users in the domain.

Get-ADComputer $env:COMPUTERNAME | Get-ADPrincipalGroupMembership

After running the script, UPN has changed from to


Thus, we saw how to bulk update the User Profile Name (UPN) in the Local Active Directory of the 'On Premise Server'.