Share via

How to Assign All of My Users with a New Name for UPN

  • Article

How to assign all of my users with a new name for UPN?

Skrypciarzu Hi! How to assign all of my users with a new name for UPN?

CH Hi! UPN (User Principal Name - a user principal name) is an alternative way to log into the domain. In general, log on to the domain is done by pressing Ctrl-Alt-Delete, enter your user name, domain name, password, and press ENTER. Using UPN, no need to separately enter user names and domains. Instead, you enter a user name such as the following: 

kenmyer@fabrikam.com

We will not be here in details on UPN. : Only that, among other things, allows you to log on to the computer, even if your domain name will not appear as an option to select list, log in to the.

How, therefore, change the UPN all users in the domain? Well, this process is a two-step: first, you need to get a list of all users in the domain, and then change the UPN for each. Let's start with the first step.

The best way to get the list of users is search Active Directory. And here you have a script that returns the ADsPath for each user in the domain fabrikam.com:

kenmyer@fabrikam.com

ADsPath returns the path to the user account in Active Directory; for example, the path for the user Ken Myer will look like this:

objUser.userPrincipalName = New UPN we’re assigning the user

objUser.SetInfo

ADsPath we need to connect to the account of each user to change the UPN for that account; ADsPath leads us directly to the account, and - as we shall see - allows you to connect to an account with a single line of code, without having to manipulate the string.

What happens when you connect to the user account? At this point we have to do two things: assign a user a new UPN, and then call the SetInfo, which is part of the new UPN to Active Directory user account. The pseudo-code, this process looks like this:

objUser.userPrincipalName = New user UPN broadcast

objUser.SetInfo

In real code, the process of obtaining all the Active Directory user accounts, connecting to each of them individually, and then assign each of the new UPN looks like this:

On Error Resume Next

 

Const ADS_SCOPE_SUBTREE = 2

 

Set objConnection = CreateObject("ADODB.Connection")

Set objCommand =   CreateObject("ADODB.Command")

objConnection.Provider = "ADsDSOObject"

objConnection.Open "Active Directory Provider"

Set objCommand.ActiveConnection = objConnection

 

objCommand.Properties("Page Size") = 1000

objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

 

objCommand.CommandText = _

    "SELECT AdsPath,samAccountName,userPrincipalName FROM " & _

        "'LDAP://dc=fabrikam,dc=com' WHERE objectCategory='user'" 

Set objRecordSet = objCommand.Execute

 

objRecordSet.MoveFirst

Do Until objRecordSet.EOF

    strUser = objRecordSet.Fields("ADsPath").Value

    strNewUPN = objRecordSet.Fields("samAccountName").Value & "@" & "contoso.com"

    Set objUser =  GetObject(strUser)

    objUser.userPrincipalName = strNewUPN

    objUser.SetInfo

    objRecordSet.MoveNext

Loop

After obtaining the collection of user accounts, all set in a Do Until loop out (until). Inside the loop, we begin by assigning ADsPath for User 1 to the variable strUser. Next, we construct a new UPN for the user. UPN usually consists of a name used by the user to login (samAccountName) and the domain name. Since your question was about changing the existing UPN, do something else. We go, that your company has merged with another, and you want users to use the new name (contoso.com) in their UPN. For example:

kenmyer@contoso.com

Therefore create UPN, which will consist of samAccountName, the @ sign and contoso.com, and keep it in a variable strNewUPN. That's what line of code below:

strNewUPN = objRecordSet.Fields("samAccountName").Value & "@" & "contoso.com"

So far all is well. Then we connect to a user account and assign it a new UPN. All this requires only two lines of code:

Set objUser = GetObject (strUser) to

objUser.userPrincipalName = strNewUPN

SetInfo call and our user already has a new UPN. Then a loop and assign a new UPN next user in the collection. This process runs automatically, as long as each user will have a new UPN.

We do not know how often you will have to change the UPN of all users in a domain, but the main idea of ​​this script lies in the fact that you can use it also for many other purposes. For example, you can change the company name, or require all users to change password at next logon. The script that we presented today, you can easily modify it to perform all tasks related to changes in user accounts in the domain.

Source Link