Add User Principal Name Suffixes

Applies To: Windows Server 2008

You can use Active Directory Domains and Trusts to add user principal name suffixes for the existing user account. The default user principal name suffix for a user account is the DNS domain name of the domain that contains the user account. You can add alternative UPN suffixes to simplify administration and user logon processes by providing a single user principal name suffix for all users. The UPN suffix is only used within the Active Directory forest, and it is not required to be a valid DNS domain name.

Membership in Domain Admins or Enterprise Admins, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (

To add user principal name suffixes

  1. Open Active Directory Domains and Trusts. To open Active Directory Domains and Trusts, click Start, click Administrative Tools, and then click Active Directory Domains and Trusts.

  2. In the console tree, right-click Active Directory Domains and Trusts, and then click Properties.

  3. On the UPN Suffixes tab, type an alternative user principal name (UPN) suffix for the forest, and then click Add.

  4. Repeat step 3 to add additional alternative UPN suffixes.

Additional considerations

  • To perform this procedure, you must be a member of the Domain Admins group or Enterprise Admins group in Active Directory Domain Services (AD DS), or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, search for "using run as" in Help and Support.

  • UPN suffixes should conform to Domain Name System (DNS) conventions for valid characters and syntax.

Additional references