
Changing domain name and user attributes

When a company changes its name, or users need a different email address, and you have synced your on-prem Active Directory to Azure Active Directory, you need to change the users' attributes on-prem.

It could be a time consuming job to do this manually for several users, but Microsoft didn’t create PowerShell for nothing 🙂

I have a small script in which I created a function called Set-NewDomainForADUser that changes the following user attributes:

  • Emailaddress
  • proxyAddresses
  • UserPrincipalName

If you are going to change from one domain to another, this simple script will help you. And if you are using Office 365 (who doesn’t?!) you first need to verify the new domain in Office 365 – don’t forget that part!

Start by adding the UPN suffix; you can do it either with PowerShell or in Active Directory Domains and Trusts.

Get-ADForest -Identity "your domain" | Set-ADForest -UPNSuffixes @{Add="newdomain.com"}

Then use Get-ADForest again to list all the UPN suffixes and confirm the new one is there.

Get-ADForest -Identity "your domain" | Format-Table UPNSuffixes

Now it’s time to change the attributes for the users in a specified Organizational Unit in Active Directory.

Set-NewDomainForADUser -oldSuffix "the old UPN" -newSuffix "the new UPN" -OU "<the entire path to the OU>"

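Here’s the script. It only defines the function Set-NewDomainForADUser, so load it into your session first (for example by dot-sourcing the file) and then call the function as shown above.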

# Author: Pierre Thoor, AddPro AB | http://www.addpro.se
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
# 
 
<#
.Synopsis
   Setting new UPN, SMTP aliases and Emailaddress for Users in specified OU.
.DESCRIPTION
   Change domainname of UPN, Emailaddress and proxyAddresses. Changing old primary SMTP to secondary smtp and sets the new domain as primary SMTP.
.EXAMPLE
   Set-NewDomainForADUser -oldSuffix "thoor.nu" -newSuffix "thoor.tech" -OU "OU=Test,OU=Users,OU=Company,DC=thoor,DC=nu"
.NOTES
   2017-11-21 version 1.0 - Created script.
#>
 
function Set-NewDomainForADUser
{
    [CmdletBinding()]
    Param
    (
        [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$true,
                   Position=0)]
        $oldSuffix,
 
        [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$true,
                   Position=1)]
        $newSuffix,
 
        [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$true,
                   Position=2)]
        $OU
    )
 
 
 
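    # Only the attributes the loop reads are requested (instead of -Properties *).
    Get-ADUser -SearchBase $OU -Filter * -Properties DisplayName, proxyAddresses | ForEach-Object {
        $DisplayName = $_.DisplayName
        $oldUpn = $_.UserPrincipalName

        # Skip accounts whose UPN does not end with the old suffix, so they are left untouched.
        if ($oldUpn -notlike "*@$oldSuffix") { return }

        # Replace the suffix only at the end of the UPN, case-insensitively.
        $newUpn = $oldUpn -replace ([regex]::Escape("@$oldSuffix") + '$'), "@$newSuffix"
        $newEmail = $newUpn

        Write-Host "Starting changes for $DisplayName" -ForegroundColor Green
        # Show the current primary SMTP address (upper-case "SMTP:" prefix).
        $_ | Get-ADUser -Properties proxyAddresses | Select-Object -ExpandProperty proxyAddresses | Where-Object {$_ -clike "SMTP:*"}

        # The next steps assume the current primary SMTP address equals the old UPN.
        Write-Host " -> Removing primary SMTP - $oldUpn"
        $_ | Set-ADUser -Remove @{proxyAddresses="SMTP:$oldUpn"}

        Write-Host " -> Setting old Primary SMTP to Secondary smtp - $oldUpn"
        $_ | Set-ADUser -Add @{proxyAddresses="smtp:$oldUpn"}

        Write-Host " -> Setting new Primary SMTP - $newUpn"
        $_ | Set-ADUser -Add @{proxyAddresses="SMTP:$newUpn"}

        Write-Host " -> Changing UPN from $oldSuffix to $newSuffix"
        $_ | Set-ADUser -UserPrincipalName $newUpn

        Write-Host " -> Setting new Emailaddress $newEmail`n"
        $_ | Set-ADUser -EmailAddress $newEmail
    }
}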
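Before running the function above against a real OU, it helps to see what it would change and to keep a record of the current values. The following is an added example, not part of the author's script: a read-only preview that also handles accounts whose primary SMTP address differs from the UPN. The function names Convert-ProxyAddressList and Get-DomainChangePreview and the CSV file name are assumptions made for this illustration.

```powershell
# Added example: read-only preview, nothing is written to Active Directory.
# Convert-ProxyAddressList and Get-DomainChangePreview are hypothetical names.
Import-Module ActiveDirectory

function Convert-ProxyAddressList {
    param([string[]]$Current, [string]$NewPrimary)
    # Demote every existing primary (upper-case "SMTP:") to a secondary alias.
    $result = @(foreach ($addr in $Current) {
        if ($addr -clike 'SMTP:*') { 'smtp:' + $addr.Substring(5) } else { $addr }
    })
    # Drop any existing copy of the new address (-ne ignores case), then
    # append it as the single primary.
    $result = @($result | Where-Object { $_ -ne "smtp:$NewPrimary" })
    $result + "SMTP:$NewPrimary"
}

function Get-DomainChangePreview {
    param(
        [Parameter(Mandatory)][string]$OldSuffix,
        [Parameter(Mandatory)][string]$NewSuffix,
        [Parameter(Mandatory)][string]$OU
    )
    Get-ADUser -SearchBase $OU -Filter * -Properties EmailAddress, proxyAddresses |
        ForEach-Object {
            $upn = $_.UserPrincipalName
            # Match the suffix only at the end of the UPN, ignoring case.
            $inScope = $upn -and
                $upn.EndsWith("@$OldSuffix", [StringComparison]::OrdinalIgnoreCase)
            $newUpn = if ($inScope) {
                $upn.Substring(0, $upn.Length - $OldSuffix.Length) + $NewSuffix
            } else { $upn }
            [pscustomobject]@{
                SamAccountName = $_.SamAccountName
                Action         = if ($inScope) { 'Change' } else { 'Skip' }
                OldUpn         = $upn
                NewUpn         = $newUpn
                OldMail        = $_.EmailAddress
                OldProxies     = @($_.proxyAddresses) -join ';'
                NewProxies     = if ($inScope) {
                    (Convert-ProxyAddressList -Current @($_.proxyAddresses) -NewPrimary $newUpn) -join ';'
                }
            }
        }
}

# The CSV doubles as a rollback record of the pre-change values.
Get-DomainChangePreview -OldSuffix 'thoor.nu' -NewSuffix 'thoor.tech' `
    -OU 'OU=Test,OU=Users,OU=Company,DC=thoor,DC=nu' |
    Export-Csv -Path .\upn-change-preview.csv -NoTypeInformation -Encoding UTF8
```

Rows marked Skip are accounts whose UPN does not end with the old suffix; review them before the real run, since they will keep their current sign-in name.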

When you have done that, you can either wait for the AAD Connect sync to kick in or you can force it with:

Start-ADSyncSyncCycle -PolicyType Delta

Don’t forget to notify your users that when they log in to the Office 365 Portal, they need to log on with the new username (the new UserPrincipalName).

You also need to create a new Outlook profile for your users; this can be automated with a simple logon script that you deploy with Group Policy.

Here’s one example to automate this process: https://misstech.co.uk/2015/01/18/office-365-outlook-profiles-in-a-cutover-migration/

Note: If a user’s username doesn’t change in Office 365, you can force it manually with:

Set-MsolUserPrincipalName -UserPrincipalName <CurrentUPN> -NewUserPrincipalName <NewUPN>

 


1 Response

  1. CMP says:

    Hi, I saved the script as Set-NewDomainForADUser.ps1 and ran it with: Set-NewDomainForADUser.ps1 -oldSuffix “domain.com” -newSuffix “domain.nu” -OU ThePathToOU” but nothing happened, am I missing something?
