Recursive / Mass Primary UPN Update / Change in AD

For this to work, you must first add the new UPN suffix to the "Alternate UPN Suffixes" list in the Active Directory Domains and Trusts properties. Do not attempt to update the primary UPN until all domain controllers have synced the changes to the UPN suffixes.

You should see the new UPN suffix in the drop-down next to "User logon name", under the Account tab for the user in Active Directory.

Note: Regardless of the suffix, EVERY account should have a valid, defined suffix, or this will cause problems with many different products.

Source

    Clear-Host
    Import-Module ActiveDirectory

    $Tstamp    = Get-Date -UFormat "%Y_%m_%d %H:%M:%S"
    # Folder for UserMaintenance.log; example path, adjust as needed (keep the trailing backslash)
    $LogPath   = "C:\Logs\"
    $SearchOUs = @("ou=faculty-staff,dc=school,dc=edu","ou=students,dc=school,dc=edu")
    $NewSuffix = "bigschool.edu"

    foreach ($OU in $SearchOUs) {
        $allusers = Get-ADUser -Filter * -SearchBase $OU

        # Only touch accounts that do not already carry the new suffix
        foreach ($myuser in ($allusers | Where-Object { $_.UserPrincipalName -notlike ("*@" + $NewSuffix) })) {
            if (($null -ne $myuser.UserPrincipalName) -and ($myuser.UserPrincipalName.Length -gt 0)) {
                # Existing UPN: keep the part before "@" and swap the suffix (mail is set to the same value)
                $NewUPN = $myuser.UserPrincipalName.Split("@")[0] + "@" + $NewSuffix
                $myuser | Set-ADUser -UserPrincipalName $NewUPN -EmailAddress $NewUPN
                ($Tstamp + " " + $myuser.SamAccountName + " Assigned UPN (1) : " + $NewUPN) | Add-Content -Path ($LogPath + "UserMaintenance.log")
            } else {
                # Null or empty UPN: recreate it from the SamAccountName and set it
                $NewUPN = $myuser.SamAccountName + "@" + $NewSuffix
                $myuser | Set-ADUser -UserPrincipalName $NewUPN -EmailAddress $NewUPN
                ($Tstamp + " " + $myuser.SamAccountName + " Assigned UPN (2) : " + $NewUPN) | Add-Content -Path ($LogPath + "UserMaintenance.log")
            }
        }
    }
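
A read-only pre-flight check for the two conditions described above, added here as an example and not part of the original script: it confirms that every domain controller already holds the new suffix, then lists UPN collisions the rename would create. It assumes the suffix list is read from the uPNSuffixes attribute of the Partitions container, and it only looks at domain controllers and accounts in the current domain.

```powershell
Import-Module ActiveDirectory

# Values taken from the script on this page
$SearchOUs = @("ou=faculty-staff,dc=school,dc=edu","ou=students,dc=school,dc=edu")
$NewSuffix = "bigschool.edu"

# 1. Alternate UPN suffixes are stored in uPNSuffixes on CN=Partitions in the
#    configuration partition; ask each DC directly to confirm it has replicated.
$partitions = "CN=Partitions," + (Get-ADRootDSE).configurationNamingContext
$notSynced = foreach ($dc in (Get-ADDomainController -Filter *)) {
    try {
        $obj = Get-ADObject -Identity $partitions -Properties uPNSuffixes -Server $dc.HostName -ErrorAction Stop
        if ($obj.uPNSuffixes -notcontains $NewSuffix) { $dc.HostName }
    } catch {
        $dc.HostName   # an unreachable DC counts as not verified
    }
}
if ($notSynced) { throw ("Suffix '$NewSuffix' not confirmed on: " + ($notSynced -join ", ")) }

# 2. Work out the UPN each account would receive, using the same rule as the script
$planned = foreach ($OU in $SearchOUs) {
    Get-ADUser -Filter * -SearchBase $OU |
        Where-Object { $_.UserPrincipalName -notlike ("*@" + $NewSuffix) } |
        ForEach-Object {
            $prefix = if ($_.UserPrincipalName) { $_.UserPrincipalName.Split("@")[0] } else { $_.SamAccountName }
            [pscustomobject]@{ SamAccountName = $_.SamAccountName; NewUPN = ($prefix + "@" + $NewSuffix).ToLower() }
        }
}

# 3. Index the accounts that already use the new suffix
$existing = @{}
Get-ADUser -Filter "UserPrincipalName -like '*@$NewSuffix'" |
    ForEach-Object { $existing[$_.UserPrincipalName.ToLower()] = $_.SamAccountName }

# 4. A collision is a planned UPN shared by two accounts or already held by another
$collisions = @($planned | Group-Object NewUPN |
    Where-Object { $_.Count -gt 1 -or $existing.ContainsKey($_.Name) } |
    ForEach-Object {
        [pscustomobject]@{
            NewUPN        = $_.Name
            Planned       = @($_.Group.SamAccountName) -join ", "
            AlreadyHeldBy = $existing[$_.Name]
        }
    })

if ($collisions.Count -gt 0) { $collisions | Format-Table -AutoSize }
else { "No collisions: {0} account(s) ready for '{1}'." -f @($planned).Count, $NewSuffix }
```

Resolve any listed collisions by hand before running the update, since the script derives the new UPN from the old prefix without checking whether another account already uses it.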