How to add a UPN suffix to Active Directory

Introduction

Learn how to add an additional alternative UPN suffix to Active Directory. In this example, I show you how to use Active Directory Domains and Trusts to add an alternative UPN suffix, as well as using PowerShell to add an alternative UPN suffix.

Video

PowerShell

List all UPN Suffixes using PowerShell

Run the following command to get a list of all UPN Suffixes:

Get-ADForest | Format-List UPNSuffixes

Add a UPN Suffix using Powershell

Run the following command to add a single new UPN Suffix:

Get-ADForest | Set-ADForest -UPNSuffixes @{add="moran.cloud"}

Run the following command to add multiple UPN Suffixes:

Get-ADForest | Set-ADForest -UPNSuffixes @{add="dannymoran.com","moran.cloud"}

Remove a UPN Suffix using PowerShell

Run the following command to remove a single UPN Suffix:

Get-ADForest | Set-ADForest -UPNSuffixes @{remove="dannymoran.com"}

Run the following command to remove multiple UPN Suffixes:

Get-ADForest | Set-ADForest -UPNSuffixes @{remove="dannymoran.com","moran.cloud"}

GUI

Add a new UPN suffix using the GUI

1. Open Active Directory Domains and Trusts.

   Note: You can run domain.msc to open the management console.

2. Right-click Active Directory Domains and Trusts and select Properties.

3. Under Alternative UPN suffixes, enter the new UPN suffix you want to add and then select Add.

4. Repeat the previous step for all domains you want to add.

Remove a UPN suffix using the GUI

1. Open Active Directory Domains and Trusts.

   Note: You can run domain.msc to open the management console.

2. Right-click Active Directory Domains and Trusts and select Properties.

3. Under Alternative UPN suffixes, select the UPN suffix you want to remove and then select Remove.

4. Repeat the previous step for all domains you want to remove.