Last Updated on May 26, 2015 by Dishan M. Francis

In organization, company may need to use multiple UPN suffixes for their operations. I wrote an article before explaining how to add multiple UPN suffixes to the domain. You can read it from

There are situation where you will need to do mass UPN suffix change. One of the recent challenge I face was, changing domain name suffix which end with .local to public domain name which ends with .com. because I was working with Azure AD integration with local AD. It only supports with public domain name. In my issue it was only few users since its demo, but what happen if you need to change it for hundreds of users? If you use manual method it will take ages to complete.

In following demo I am going to show how it can be done using power shell script.

In AD I have 3 users under “Test OU” called user1 to user3. All 3 are using canitpro.local as the UPN suffix.


I need to change all users in to UPN suffix “”.

To do that, open PowerShell ISE with appropriate admin permissions.


Then type and press enter,

Import-Module ActiveDirectory
$oldSuffix = "canitpro.local"
$newSuffix = ""
$ou = "DC=canitpro,DC=local"
$server = "DCM1"
Get-ADUser -SearchBase $ou -filter * | ForEach-Object {
$newUpn = $_.UserPrincipalName.Replace($oldSuffix,$newSuffix)
$_ | Set-ADUser -server $server -UserPrincipalName $newUpn

In above $oldSuffix represent the old domain UPN suffix. $newSuffix represent the new UPN suffix it should change in to. $ou represent the search path. You can use specific OU or entire domain. I used entire domain for the demo. $server represent the DC server name.


Now, let’s go and check if it’s changed. As we can see its changed in to new suffix.


If you have any question about the post feel free to contact me on