Script Repository

Assign UPN suffix based on property of user account

April 25, 2017

The script assigns a UPN suffix to a user based on the value of a certain property of the user account. For example, you can set a UPN suffix based on the department of the user specified in AD.

To add such functionality to your environment, create a Business Rule that runs the script after creating a user.


  • $propertyName - specifies the LDAP display name of the property on which UPN suffixes depend;
  • $upnSuffixMap - specifies a map of the property value and the corresponding UPN suffix. One suffix can be mapped to multiple values.
$propertyName = "department" # TODO: modify me
$upnSuffixMap = @{
    "<UPN Suffix 1>" = @("Sales")
    "<UPN Suffix 2>" = @("Help Desk 1", "Help Desk 2")
} # TODO: modify. Example: $upnSuffixMap = @{"<UPN Suffix>" = @("<Property Value 1>", "<Property Value 2>")}

# Get property value
try
{
    $value = $Context.TargetObject.Get($propertyName)
}
catch
{
    return # Property is empty
}

# Get UPN Suffix: take the first map entry whose value list contains the property value
$upnSuffix = $NULL
foreach ($item in $upnSuffixMap.GetEnumerator())
{
    if ($item.Value -notcontains $value)
    {
        continue
    }
    $upnSuffix = $item.Key
    break
}

if ([System.String]::IsNullOrEmpty($upnSuffix))
{
    $Context.LogMessage("UPN suffix is not specified for '$value'. Default UPN suffix will be used.", "Warning")
    return # Keep the UPN assigned at creation
}

# Get UPN
$userPrincipalName = "%userPrincipalName%"
if ([System.String]::IsNullOrEmpty($userPrincipalName))
{
    $Context.LogMessage("Cannot assign a UPN suffix because the user logon name is empty", "Warning")
    return
}

# Build new UPN: keep the part before "@" and append the mapped suffix
$userPrincipalName = $userPrincipalName.SubString(0, $userPrincipalName.IndexOf("@")) + "@$upnSuffix"

# Save changes
$Context.TargetObject.Put("userPrincipalName", $userPrincipalName)
$Context.TargetObject.SetInfo() # Put only updates the local property cache; SetInfo commits it
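
Because the UPN is a logon identifier, it is worth checking the map before the rule goes live: a property value listed under two suffixes gets whichever one the hashtable enumeration reaches, and a suffix typed with a leading "@" produces a malformed UPN. The check below is an added example, not part of the original script or of Adaxes; the function name Test-UpnSuffixMap and the example.com suffixes are assumptions made for illustration.

```powershell
# Added example: validate a UPN suffix map before using it in the business rule.
# Test-UpnSuffixMap is a hypothetical helper; it needs no Adaxes objects and runs offline.
function Test-UpnSuffixMap
{
    param([System.Collections.IDictionary]$Map)

    $problems = New-Object 'System.Collections.Generic.List[string]'
    # Case-insensitive lookup, because -contains / -notcontains ignore case as well
    $seen = New-Object 'System.Collections.Generic.Dictionary[string,string]' ([System.StringComparer]::OrdinalIgnoreCase)

    foreach ($item in $Map.GetEnumerator())
    {
        $suffix = [string]$item.Key
        # The script appends "@$upnSuffix", so the suffix itself must not carry "@" or spaces
        if ([System.String]::IsNullOrEmpty($suffix) -or $suffix -match '[@\s]')
        {
            $problems.Add("Invalid UPN suffix '$suffix': it must be non-empty and contain no '@' or whitespace.")
        }

        foreach ($value in @($item.Value))
        {
            $value = [string]$value
            if ($seen.ContainsKey($value))
            {
                # Enumeration order of a hashtable is not guaranteed, so the result would be arbitrary
                $problems.Add("Value '$value' is mapped to both '$($seen[$value])' and '$suffix'.")
            }
            else
            {
                $seen[$value] = $suffix
            }
        }
    }
    return $problems
}

# Constructed sample map: one value appears twice (differing only in case), one key contains "@"
$sampleMap = @{
    "sales.example.com"   = @("Sales")
    "support.example.com" = @("Help Desk 1", "Help Desk 2")
    "@it.example.com"     = @("help desk 1")
}

@(Test-UpnSuffixMap -Map $sampleMap) | ForEach-Object { Write-Warning $_ }
```

An empty result means every property value resolves to exactly one well-formed suffix; whether that suffix is actually registered in the forest still has to be confirmed separately.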
