Adding Alternate UPN Suffix to Active Directory Domain

Advertisements

About Adding an Alternate UPN Suffix to a Domain

UPN suffix is the name of the domain that is added after the ‘@’ sign when a domain user account is created. An example of a UPN suffix can be ‘mydomain.com’. When a domain user account is created, the complete domain account comprises of a user logon name followed by @ and the name of the domain. For example, a complete domain user account named ‘user01’ in the domain ‘mydomain.com’ would be ‘myaccount@mydoman.com’, where ‘mydomain.com’ is the UPN suffix for ‘user01’ domain user account.

According to the DNS namespace conventions, every time a child domain is created inside a parent domain, the name of the parent domain is automatically suffixed to the child domain name. For example, if a child domain named ‘yourdomain’ is created under ‘mydomain.com’ domain, and ‘user02’ domain user account is created in the ‘yourdomain’ child domain, UPN suffix of ‘user02’ domain user account would be ‘yourdomain.mydomain.com’, and the complete domain user account would be written and used as ‘user02@yourdomain.mydomain.com’.

Since a DNS namespace can have several child domains, in large scale industries it is likely that the UPN suffix for a domain user that belongs to third or fourth level of child domain would be practically impossible for general non-technical users to remember and use.

To avoid such situations, most administrators in the organizations create alternate UPN suffix that is quite small in length (reduced characters). Alternate UPN suffix makes it easier for the users to memorize and use the lengthy domain user accounts by replacing their original suffix with the alternate one. Moreover, when alternate UPN suffix is added to a domain user account, the user needs not to be aware of the actual domain name and its level in the entire DNS namespace. Considering the above discussed example of ‘user02@yourdomain.mydomain.com’, if an alternate UPN suffix named ‘domain.com’ is created and added to the ‘user02’ account, the user can then use ‘user02@domain.com’ to log on to the domain instead of using ‘user02@yourdomain.mydomain.com’.

Alternate UPN suffix for a domain user can be defined either at the time of the domain user account creation, or administrators can also do so after they have created the domain user account. Nonetheless, alternate UPN suffix must be created in the domain before it can be suffixed to the domain user accounts.

Create Alternate UPN Suffix for a Domain

To create an alternate UPN suffice in a domain, administrators must follow the steps given as below:

  1. Log on to Windows Server 2008 R2 domain controller with domain admin or enterprise admin account credentials.
  2. From the desktop screen, click Start.
  3. From the Start menu, go to Administrative Tools > Active Directory Domains and Trusts.
  4. On Active Directory Domains and Trusts snap-in, from the console tree in the left pane, right-click Active Directory Domains and Trusts [computername.domainname] (‘srv2k8r2-dc01.mydomain.com’ in this demonstration).
  5. From the displayed context menu, click Properties.

    Click Properties

  6. On the properties box that appears, in the Alternative UPN suffixes field, specify the desired alternate UPN suffix for the domain and click Add.

    Add Alternate UPN Suffix

  7. Once added, click OK to save the settings.
  8. Close Active Directory Domains and Trusts snap-in when done.

Add Alternate UPN Suffix for an Existing Domain User Account

To add alternate UPN suffix to an existing domain user account in Microsoft Windows server 2008 R2, administrators must follow the steps given as below:

  1. Log on to Windows Server 2008 R2 domain controller with domain admin or enterprise admin account credentials.
  2. From the desktop screen, click Start.
  3. From the Start menu, go to Administrative Tools > Active Directory Users and Computers.
  4. On Active Directory Users and Computers snap-in, from the console tree in the left pane, double-click to expand the domain name.
  5. From the displayed list, click to select Users container.
  6. In the right pane, right-click the user for which alternate UPN suffix is to be added.
  7. From the displayed context menu, click Properties.

    Right-click User

  8. On the opened properties box, go to Account tab.
  9. On the selected tab, under User logon name section, choose the alternate UPN suffix from the drop-down list that was created earlier in Active Directory Domains and Trusts snap-in.

    Adding Alternate UPN Suffix for a User

  10. Once selected, click OK to save the modified settings.
  11. Close Active Directory Users and Computers snap-in when done.

Vivek Nayyar

Vivek Nayyar

Works as Systems Admin in Siskin Technologies, India. Corporate trainer on Microsoft and Cisco platforms. Specialized in Virtualization Technology. LAN Consultant for some local organizations. Technical Writer and Author.
Vivek Nayyar

Latest posts by Vivek Nayyar (see all)

Advertisements