The following script can be run as a scheduled task to ensure that your User Principal Name (UPN) suffixes are always set to a certain value. This is especially useful for Office 365 deployments with directory sync enabled if the tenant is using a non-public top level domain for Active Directory (example: domain.local).

Make sure you change the first three variables to match your environment. You can set the $ou parameter to only affect a certain OU (an its sub-OUs if desired) or specify a value in the -filter parameter.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18

import-module activedirectory

#Old domain suffix
$oldSuffix = ‘olddomain.local’

#New domain suffix
$newSuffix = ‘newdomain.com’

#Specify the OU this script will target
$ou = “dc=domain,dc=local”

#Specify a writeable domain controller
$server = “domain-controller.domain.local”

Get-ADUser -SearchBase $ou -filter * | ForEach-Object {
$newUpn = $_.UserPrincipalName.Replace($oldSuffix,$newSuffix)
$_ | Set-ADUser -server $server -UserPrincipalName $newUpn
}