Skip to content
Entralyzer Docs

Add New UPN Suffix in Active Directory

You can add an additional UPN suffix in Active Directory by using GUI (Active Directory Domains and Trusts console) or by using PowerShell. In this guide, you will learn how to use both methods.

Add UPN Suffix with GUI

Section titled “Add UPN Suffix with GUI”

  1. Log in to a Domain Controller with a domain administrator account.

  2. Click on Start select Windows Administrator Tools and then Active Directory Domains and Trusts

    active directory domains and trusts

  3. In the console, right-click Active Directory Domains and Trusts in the left pane and select Properties from the menu.

    right click properties

  4. In the Alternative UPN suffixes box enter the UPN suffixes you want to add then click the Add button and Ok. In this example, I’m adding the UPN suffix entralyzer.com

    enter upn suffix name

  5. Now when you add a new user or want to modify an existing one you should see the new UPN suffix.

    change upn for user

Add UPN Suffix with PowerShell

Section titled “Add UPN Suffix with PowerShell”

  1. Run PowerShell as administrator and run the following command to get a list of current UPN suffixes.

    Terminal window
       Get-ADForest | Format-List UPNSuffixes

    Example

    powershell get upn suffix

  2. Next, run the below command to add a new upn suffix. Change the domain to the new domain you want to add.

    Terminal window
     Get-ADForest | Set-ADForest -UPNSuffixes @{add="www.docs.entralyzer.com"}

  3. Check UPN suffixes to verify it has been added.

    Terminal window
      Get-ADForest | Format-List UPNSuffixes

    verify UPN suffix added

Why Add a Custom UPN Suffix to Active Directory

Section titled “Why Add a Custom UPN Suffix to Active Directory”
  1. Simplify user logon
    • Most organizations want users to log in with the same name as their email address.
  2. Microsoft 365 Integration
    • When syncing accounts to Microsoft 365 with the Entra Connect, the UPN should match a verified domain in the cloud.
  3. Support multiple organizations or domains
    • If you merge companies you would need to add the new companies UPN suffix to your Active Directory.
  4. Add verified domain for Entra ID
    • When you synchronize your on-premises directory with Microsoft 365, you have to have a verified domain in Microsoft Entra ID. Refer to the Microsoft document Prepare a nonroutable domain for directory synchronization for more details.

Conclusion

Section titled “Conclusion”

Adding a custom UPN suffix in Active Directory helps create a consistent and user-friendly logon that aligns with your organization’s domain name. It can also be needed when synchronizing on-premises Active Directory to Microsoft 365 using the Entra Connect sync client.