As most System Administrators know, Active Directory Domains and Trusts can be used to add User Principal Name (UPN) suffixes to existing user accounts.
The default UPN suffix for a user account is the Domain Name System (DNS) name of the domain in which the user account is created. You can add alternative UPN suffixes to simplify administration and the user login process by providing a single UPN suffix for all users. The UPN suffix is used only within the Active Directory forest and is not required to be a valid DNS domain name.
Now, here’s a fun trick. Not everyone knows this, but you can actually do the same thing at the Organizational Unit level. In fact, it’s pretty simple. You just need to follow these steps:
- From the Active Directory Users and Computers screen, select an Organizational Unit and click Properties
- In the Attribute Editor tab, search for the uPNSuffixes attribute
- From there, simply click on Edit and enter the suffixes you want to add at the organizational level
It’s one thing to know cool tricks, but you need to understand why you’d want to use them in the first place, right?
Let’s say you have different Organizational Units for different clients. This procedure lets you automate and customize their login while scoping the use of each client's domain name to that client's Organizational Unit instead of the whole Active Directory.
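The same steps scripted with the ActiveDirectory PowerShell module, plus a review of which OUs carry their own suffixes and which users sit outside the expected set. This is an added example, not part of the original post; the OU distinguished name and the suffix are constructed placeholders, and the "expected" set (domain DNS name, forest-wide suffixes, the OU's own suffixes) is an assumption of this example.

```powershell
# Added example: set an OU-level UPN suffix, then audit its use.
# $ouDn and $suffix are constructed placeholders; replace with your own values.
Import-Module ActiveDirectory

$ouDn   = 'OU=ClientA,DC=corp,DC=example,DC=com'
$suffix = 'clienta.example'

# 1. Add the suffix to the OU's uPNSuffixes attribute, only if it is missing.
$ou = Get-ADOrganizationalUnit -Identity $ouDn -Properties uPNSuffixes
if ($ou.uPNSuffixes -notcontains $suffix) {
    Set-ADOrganizationalUnit -Identity $ouDn -Add @{ uPNSuffixes = $suffix }
    $ou = Get-ADOrganizationalUnit -Identity $ouDn -Properties uPNSuffixes
}

# 2. Inventory every OU that defines its own suffixes, so these
#    per-OU settings do not go unnoticed during a directory review.
Get-ADOrganizationalUnit -LDAPFilter '(uPNSuffixes=*)' -Properties uPNSuffixes |
    Select-Object DistinguishedName,
                  @{ Name = 'Suffixes'; Expression = { $_.uPNSuffixes -join ', ' } }

# 3. Build the set of suffixes this example treats as expected for the OU:
#    the domain's DNS name, the forest-wide suffixes, and the OU's own list.
$expected = @((Get-ADDomain).DNSRoot) +
            @((Get-ADForest).UPNSuffixes) +
            @($ou.uPNSuffixes) | Where-Object { $_ }

# 4. Report users directly in the OU whose UPN suffix is outside that set.
#    OneLevel scope is used so nothing is assumed about child OUs.
Get-ADUser -SearchBase $ouDn -SearchScope OneLevel -Filter * |
    Where-Object { $_.UserPrincipalName } |
    ForEach-Object {
        $userSuffix = ($_.UserPrincipalName -split '@')[-1]
        if ($expected -notcontains $userSuffix) {
            [pscustomobject]@{
                SamAccountName    = $_.SamAccountName
                UserPrincipalName = $_.UserPrincipalName
                UnexpectedSuffix  = $userSuffix
            }
        }
    }
```

Steps 2 to 4 only read from the directory, so they can be run on their own as a periodic check.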
I hope this trick will come in handy. If you have any tips you want to share on Active Directory Domains and Trusts, share them in the comments section!