Default UPN prefix.

  • 274 Views
  • Last Post 22 April 2016
_chop_ posted this 21 April 2016

Howdy Smart Kids,
Do y'all remember how to change the default upn prefix?
For example:
The default is sAMAccountName@<domain.tld> if you do not specify it when creating a user (you can, of course, specify something different at entry).
Say I want it set to givenName.sn@<domain.tld> if/when you do not specify it when creating a user.
I cannot remember if I always did this programmatically or if I finally found a way to set it in AD. A new organization, same requests. .. .lost my notes. 
Thank you for your time,M

Order By: Standard | Newest | Votes
kurtbuff posted this 22 April 2016

Eric,

Thank you for the education - as always, you're most enlightening.

Have a very nice weekend!

Kurt

show

kool posted this 22 April 2016

Hi Kurt,

I can identify with the "getting old and forgetting things" sentiment!

The "User logon name (pre-Windows 2000)" is the samAccountName. One clue is that you can't change the prefix. It is always set to "\" which of course is the NTLM canonical name form.

I wrote that property page and although it has been a long time (see first sentence), I'm pretty certain my recollection is correct here.

One of my regrets when leaving Microsoft was that I couldn't take a copy of my source code with me. It wasn't actually mine, it was owned by MS, etc. Not only does that source code represent years of my work there, but I found it useful to be able to go back and consult it and now I can't do that anymore. Maybe someday MS will open-source Windows but I'm not holding my breath.

TGIF!

Eric

show

kurtbuff posted this 22 April 2016

OK - I must be getting old and forgetting things.

I though that the account tab specified the samaccountname in the
"User logon name" field, and I can't even remember what is specified
in the "User logon name (pre-Windows 2000)" field.

Kurt

show

kool posted this 21 April 2016

The Account tab of Users and Computers allows you to specify a different user logon name (UPN) prefix that is different from the samAccountName (post account creation). I presume that you could customize FIM/MIM to create accounts in this form and PowerShell certainly could also be used, but there is nothing in the built-in AD toolset that would allow automatically assigning givenName.sn@xxxxxxxxxxxxxxxx as the UPN.

Eric

show

kurtbuff posted this 21 April 2016

It's not a task I've ever done, but in all of my banging around in the
various RSAT tools (ADUC, mostly) I've never seen a way to do it,
except in adsiedit, and that would only be good for one-offs.

So, either programmatically, or, as you say, some addin.

Kurt

show

_chop_ posted this 21 April 2016

Hey Kurt,     Thank you very much for taking the time to respond. I understand how to do it. 
I cannot remember (and I will admit I may be dreaming this up) if I always did this programmatically or if I finally found a way to set it in AD (a configuration item or attribute mapping).
I'm thinking I did do it programmatically (or some clever addin/snap-in).
Thanks again,M
> Date: Thu, 21 Apr 2016 13:53:33 -0700
> Subject: Re: [ActiveDir] Default UPN prefix.

show

kurtbuff posted this 21 April 2016

I would think that powershell's set-aduser would do this for you.

Kurt

show

Close