Remediating the UPN suffix
$newUPN = $_.UserPrincipalName.Replace('<currentUPNsuffix>', '<newUPNsuf-
$_ | Set-ADUser -server <servername> -UserPrincipalName $newUPN
The next sample script updates an entire domain, instead of just a single OU, to replace the
default UPN suffix of to The -whatif parameter is used so
that when the script is run, it shows the effects of the script without actually making any
changes. If the output is what you expect, then remove the -whatif parameter to have the
script make the changes when you run it. Figure 3-18 shows a script being executed in the
Windows PowerShell 3.0 Integrated Scripting Environment (ISE).
import-module ActiveDirectory
Get-ADUser -SearchBase "dc=thomsonhills,dc=com" -SearchScope subtree -filter * |
ForEach-Object {
$newUPN = $_.UserPrincipalName.Replace('', '')
$_ |
Set-ADUser -server mail -UserPrincipalName $newUPN -whatif
Figure 3-18 Windows PowerShell Integrated Scripting Environment (ISE) modifying the UPN
