In a hybrid environment, it makes sense to configure an alternate UPN suffix so that users are not created in Azure AD with the username *.onmicrosoft.com. In this post, I provide a script that allows you to create the UPN suffix and then change qll users of an OU to this suffix. Let’s dive in.

What I am talking about are this settings.

Configure Alternative UPN Suffix

If no new Suffix has been created yet, copy the following lines into ISE or Visual Studio Code.

Provide the new UPN Suffix in line 3.

# Variables

$newSuffix = "pagr.com"

# Add Domain Suffix

Get-ADForest | Set-ADForest -UPNSuffixes @{Add="$newSuffix"}

Change UPN Suffix for all Users in a OU

Now let’s go for it.

Copy the code and edit line 3,4 and 8 to specify the OU of your users.

# Change UPN bulk

$oldSuffix = "pagr.inet"
$newSuffix = "pagr.com"

Import-Module ActiveDirectory

$ou = "OU=Technicians,DC=pagr,DC=inet"

Get-ADUser -SearchBase $ou -filter * | ForEach-Object {
$newUpn = $_.UserPrincipalName -replace $oldSuffix,$newSuffix
$_ | Set-ADUser -UserPrincipalName $newUpn -Verbose
}

Done 😉