The script assigns a UPN suffix to a user based on the value of a certain property of the user account. For example, you can set a UPN suffix based on the department of the user specified in AD.
To add such functionality to your environment, create a business rule that runs the script after creating a user.
Parameters:
- $propertyName - Specifies the LDAP display name of the property on which UPN suffixes depend.
- $upnSuffixMap - Specifies a map of the property value and the corresponding UPN suffix. One suffix can be mapped to multiple values.
PowerShell
$propertyName = "department" # TODO: modify me
$upnSuffixMap = @{
    "sales.domain.com" = @("Sales")
    "helpdesk.domain.com" = @("Help Desk 1", "Help Desk 2")
} # TODO: modify. Example: $upnSuffixMap = @{"<UPN Suffix>" = @("<Property Value 1>", "<Property Value 2>")}

# Get property value
try
{
    $value = $Context.TargetObject.Get($propertyName)
}
catch
{
    return # Property is empty
}

# Get UPN suffix: the first map entry whose value list contains the property value
# (-notcontains compares strings case-insensitively)
$upnSuffix = $NULL
foreach ($item in $upnSuffixMap.GetEnumerator())
{
    if ($item.Value -notcontains $value)
    {
        continue
    }
    $upnSuffix = $item.Key
    break
}

if ([System.String]::IsNullOrEmpty($upnSuffix))
{
    $Context.LogMessage("UPN suffix is not specified for '$value'. Default UPN suffix will be used.", "Warning")
    return
}

# Get UPN
$userPrincipalName = "%userPrincipalName%"
if ([System.String]::IsNullOrEmpty($userPrincipalName))
{
    $Context.LogMessage("Cannot assign a UPN suffix because the user logon name is empty", "Warning")
    return
}

# Build new UPN: keep the part before "@" and append the mapped suffix.
# Without this check, a UPN with no "@" would make SubString throw.
$atIndex = $userPrincipalName.IndexOf("@")
if ($atIndex -lt 1)
{
    $Context.LogMessage("Cannot assign a UPN suffix because the user logon name has no name part before '@'", "Warning")
    return
}
$userPrincipalName = $userPrincipalName.SubString(0, $atIndex) + "@$upnSuffix"

# Save changes
$Context.TargetObject.Put("userPrincipalName", $userPrincipalName)
$Context.TargetObject.SetInfo()
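The mapping logic of the script above can be checked outside Adaxes before it is attached to a business rule. The following is an added example, not part of the original script: the function name Get-MappedUpn and the sample values are hypothetical. It rejects a property value listed under more than one suffix, because a hashtable does not guarantee enumeration order and the resulting logon name would otherwise depend on which entry is visited first.

```powershell
# Added example: hypothetical helper, not part of the Adaxes script.
function Get-MappedUpn {
    param(
        [hashtable]$UpnSuffixMap,   # same shape as $upnSuffixMap in the script
        [string]$PropertyValue,     # e.g. the user's department
        [string]$CurrentUpn         # e.g. jdoe@domain.com
    )

    # Collect every suffix whose value list contains the property value
    # (-contains is case-insensitive, like -notcontains in the script).
    $suffixes = @($UpnSuffixMap.GetEnumerator() |
        Where-Object { $_.Value -contains $PropertyValue } |
        ForEach-Object { $_.Key })

    # No mapping: the caller keeps the default suffix.
    if ($suffixes.Count -eq 0) { return $null }

    # Ambiguous mapping: fail instead of picking an arbitrary suffix.
    if ($suffixes.Count -gt 1) {
        throw "Value '$PropertyValue' maps to several suffixes: $($suffixes -join ', ')"
    }

    # Reject a UPN with no "@" or with nothing before it.
    $at = $CurrentUpn.IndexOf("@")
    if ($at -lt 1) {
        throw "Cannot rebuild UPN from '$CurrentUpn': no name part before '@'"
    }
    return $CurrentUpn.Substring(0, $at) + "@" + $suffixes[0]
}

# Constructed sample data for an offline check
$map = @{
    "sales.domain.com"    = @("Sales")
    "helpdesk.domain.com" = @("Help Desk 1", "Help Desk 2")
}
Get-MappedUpn -UpnSuffixMap $map -PropertyValue "help desk 2" -CurrentUpn "jdoe@domain.com"
Get-MappedUpn -UpnSuffixMap $map -PropertyValue "Finance" -CurrentUpn "jdoe@domain.com"
```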
Hello,
In this case, you need to specify a UPN suffix only for the CompanyB value of the property in the $upnSuffixMap variable. In all other cases, the script will use the default suffix.
say that the directory is called domain.company.com but our default domain for email is ourcompany.com and that is also available as Logon domain in AD?
Hello,
In this case, you need to add a mapping for all the values except CompanyB to the $upnSuffixMap variable with the required suffix. For example:
Alternatively, you can just hardcode the required UPN suffix that will be used for all the values except CompanyB. If you have issues updating the script accordingly, we will help you.
Then hardcoding is the best solution for us.
We only wish to assign a different UPN logon domain for specific companies, while everybody else should get the main domain we use.
How do you suggest to modify the script for such purpose?
Hello,
Thank you for the provided details. In this case, you need to specify a mapping for all custom suffixes and property values in the $upnSuffixMap variable. The property values that should match the default UPN suffix can be omitted as it will be used by default for all the unspecified values. Finally, you should have something like the following:
$upnSuffixMap = @{
    "companyZ.domain.com" = @("CompanyZ*")
    "companyd.domain.com" = @("CompanyD")
    "companyf.domain.com" = @("CompanyF")
}
With a "*" ?
It can be done by just replacing this line in the script
with the following one