{"id":3048,"date":"2013-08-13T00:01:00","date_gmt":"2013-08-13T00:01:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2013\/08\/13\/add-user-principal-names-in-active-directory-via-powershell\/"},"modified":"2013-08-13T00:01:00","modified_gmt":"2013-08-13T00:01:00","slug":"add-user-principal-names-in-active-directory-via-powershell","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/add-user-principal-names-in-active-directory-via-powershell\/","title":{"rendered":"Add User Principal Names in Active Directory via PowerShell"},"content":{"rendered":"

Summary<\/strong>: Microsoft Scripting Guy, Ed Wilson, shows how to use Windows PowerShell to add user principal names to users in Active Directory.<\/p>\n

\"Hey, Hey, Scripting Guy! We are planning for our Active Directory migration, and as part of that, I am reviewing users. The problem is that I found out that whoever set up our original installation did not assign values for user principal names (UPN). This will cause us a problem as we move to a federated environment. Can you offer an easy way to populate this value?<\/p>\n

—CG<\/p>\n

\"Hey, Hello CG,<\/p>\n

Microsoft Scripting Guy, Ed Wilson, is here. This morning I am sitting on our lanai<\/a> and checking my scripter@microsoft.com<\/a> email on my Microsoft Surface RT. I received an email from one of my friends in Hawaii. He was telling me about a Hukilau<\/a> he went to over the weekend. From his description, it makes me want to grab the Scripting Wife and head out west on the next available flight. The big problem right now, is the weather. I prefer August in Australia to August in Hawaii—it is really hot there.<\/p>\n

In Active Directory Users and Computers, the UPN shows up as the user logon name. It displays the UPN in two different fields, as shown in the following image.<\/p>\n

\"Image<\/a><\/p>\n

To find the actual Active Directory attribute name, I add a bunch of AAAs to the user logon name, and select a domain from the drop-down list. I then go into ADSI edit and look up the value. I see the following:<\/p>\n

\"Image<\/a><\/p>\n

Searching for existing values<\/h2>\n

I use the Get-ADUser<\/strong> cmdlet to look for existing values for the UserPrincipalName<\/strong> attribute. To find the value of the UserPrincipalName<\/strong> attribute, I have to specify it for the –Properties<\/strong> parameter. I specify the SearchBase<\/strong> of the organizational unit (OU), and I use the *<\/strong> filter. This is shown here:<\/p>\n

Get-ADUser -Filter * -SearchBase ‘ou=testou,dc=iammred,dc=net’ -Properties userPrincipalName<\/p>\n

The command and associated output are represented in the following image.<\/p>\n

\"Image<\/a><\/p>\n

Setting the UPN value<\/h2>\n

I use the Get-ADUser<\/strong> cmdlet to retrieve all the users to set. I pipe the resulting user objects to the Foreach-Object<\/strong> cmdlet, and in the script block, I use the Set-ADUser<\/strong> cmdlet. The Set-ADUser<\/strong> cmdlet has a –userPrincipalName<\/strong> parameter that makes it easy to set the UPN.<\/p>\n

To create the UPN, I use a hardcoded domain name, and I get the user’s name from the Name<\/strong> attribute. I use parameter substitution and the –f <\/strong>format specifier to concatenate the user principal name. The command is shown here (this is a single-line command that I broke at the pipe for readability):<\/p>\n

Get-ADUser -Filter * -SearchBase ‘ou=testou,dc=iammred,dc=net’ -Properties userPrincipalName | foreach { Set-ADUser $_ -UserPrincipalName (“{0}@{1}” -f $_.name,”iammred.net”)}<\/p>\n

CG, that is all there is to using Windows PowerShell to add the UPN for user accounts. Active Directory Week will continue tomorrow when I will talk about more cool Windows PowerShell stuff.<\/p>\n

I invite you to follow me on Twitter<\/a> and Facebook<\/a>. If you have any questions, send email to me at scripter@microsoft.com<\/a>, or post your questions on the Official Scripting Guys Forum<\/a>. See you tomorrow. Until then, peace.<\/p>\n

Ed Wilson, Microsoft Scripting Guy<\/strong> <\/p>\n","protected":false},"excerpt":{"rendered":"

Summary: Microsoft Scripting Guy, Ed Wilson, shows how to use Windows PowerShell to add user principal names to users in Active Directory.  Hey, Scripting Guy! We are planning for our Active Directory migration, and as part of that, I am reviewing users. The problem is that I found out that whoever set up our original […]<\/p>\n","protected":false},"author":596,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[7,3,20,45],"class_list":["post-3048","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-active-directory","tag-scripting-guy","tag-user-accounts","tag-windows-powershell"],"acf":[],"blog_post_summary":"

Summary: Microsoft Scripting Guy, Ed Wilson, shows how to use Windows PowerShell to add user principal names to users in Active Directory.  Hey, Scripting Guy! We are planning for our Active Directory migration, and as part of that, I am reviewing users. The problem is that I found out that whoever set up our original […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/3048","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/596"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=3048"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/3048\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=3048"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=3048"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=3048"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}