Recently I was asked to make mass changes to our AD environment, which always makes me a little uneasy. I do not "enjoy" making mass changes manually either, so I decided to use PowerShell to partially automate some of the process.
First things first: if you do not have Remote Server Administration Tools installed for your OS, you will need to grab them here:
Remote Server Administration Tools for Windows 10
Instructions can be found for installation on the respective pages.
After the installation of RSAT, I used PowerShell ISE to create a script to export users to a text file. There are several ways to go about doing this, as a quick Google search will reveal.
The script below is simple but accomplished exactly what I needed while giving me some control/visibility over the process until I was sure that it was working as intended.
Script below:
# Imports the Active Directory module for PowerShell
Import-Module ActiveDirectory
# Place the current UPN suffix here in quotes - everything to the right of the @ symbol, ex. domain.com
$oldSuffix = "currentupnsuffix"
# Place the new UPN suffix here in quotes - everything to the right of the @ symbol, ex. newdomain.com
$newSuffix = "newupnsuffix"
# This block of code reads the file named export.txt (created from above) containing the users' samaccountnames. Each time it finds a matching UPN suffix, it replaces it with the new one.
Get-Content "export.txt" | Get-ADUser | ForEach-Object {
    # Replace the suffix only where it follows the @ at the end of the UPN; a plain .Replace() would also rewrite a match in the name part
    $newUpn = $_.UserPrincipalName -replace ('@' + [regex]::Escape($oldSuffix) + '$'), ('@' + $newSuffix)
    $_ | Set-ADUser -UserPrincipalName $newUpn
}
Disclaimer: please remove the comments in red (the lines starting with #) from the code before running the script. I did not test the code with the comments added.
If you are unsure about this process, start by creating a test account and adding its samaccountname attribute value to a test text file. Run the script against the "test" account and determine whether the script yields the desired outcome.
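A more defensive variant of the rename, as an added example that is not the author's script: it changes only accounts whose UPN actually ends in the old suffix, supports a -WhatIf dry run, and records old and new values in a CSV so a change can be reverted. The function names, parameter names and the CSV log path are assumptions; the domain names are the placeholder examples from the script comments.

```powershell
# Added example, not the author's script. Function names, parameters and
# the CSV log path are assumptions.
function Get-NewUpn {
    param([string]$Upn, [string]$OldSuffix, [string]$NewSuffix)
    # Match the old suffix only at the very end of the UPN, right after the @.
    $pattern = '@' + [regex]::Escape($OldSuffix) + '$'
    if ([string]::IsNullOrEmpty($Upn) -or $Upn -notmatch $pattern) { return $null }
    # Keep everything left of the last @ and attach the new suffix.
    return $Upn.Substring(0, $Upn.LastIndexOf('@')) + '@' + $NewSuffix
}

function Update-UpnSuffix {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)][string]$UserList,
        [Parameter(Mandatory)][string]$OldSuffix,
        [Parameter(Mandatory)][string]$NewSuffix,
        [string]$LogPath = 'upn-changes.csv'
    )
    Import-Module ActiveDirectory
    Get-Content $UserList | Where-Object { $_.Trim() } | ForEach-Object {
        $name = $_.Trim()
        # Stop on lookup failure so a stale $user from the previous line is never reused.
        try { $user = Get-ADUser -Identity $name -ErrorAction Stop }
        catch { Write-Warning "Skipping ${name}: $($_.Exception.Message)"; return }

        $newUpn = Get-NewUpn $user.UserPrincipalName $OldSuffix $NewSuffix
        if (-not $newUpn) {
            Write-Warning "Skipping ${name}: UPN '$($user.UserPrincipalName)' does not end in @$OldSuffix"
            return
        }
        # With -WhatIf this only prints the planned change and writes nothing.
        if ($PSCmdlet.ShouldProcess($name, "Set UPN to $newUpn")) {
            Set-ADUser -Identity $user -UserPrincipalName $newUpn
            # Rollback record: one row per account actually changed.
            [pscustomobject]@{
                SamAccountName = $user.SamAccountName
                OldUpn         = $user.UserPrincipalName
                NewUpn         = $newUpn
            } | Export-Csv -Path $LogPath -Append -NoTypeInformation
        }
    }
}

# Dry run first: lists what would change and modifies nothing.
Update-UpnSuffix -UserList 'export.txt' -OldSuffix 'domain.com' -NewSuffix 'newdomain.com' -WhatIf
```

Re-run without -WhatIf once the dry-run output matches expectations; the CSV then holds the previous UPN for every account that was modified.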
Sit back and enjoy the day!