Thursday, October 24, 2013

UPN Not Available in ECP When Creating Mailbox

Recently I was working as part of a Notes to Exchange 2013 migration. The original vendor on the project had been replaced and we were taking over the process. As always in these scenarios, you're suspicious of everything that you see in the new environment because you don't know what is left at default.

When creating new mailboxes in the Exchange Control Panel (ECP), the client observed that only the forest root domain was available as a UPN suffix. Most of the environments that I work in are single domain, so I didn't identify the issue right away. The client's domains are in multiple trees, so I was immediately concerned that the issue was related to that, but it was not. It was quite simple really and parallels what happens when using AD Users and Computers to set the UPN suffix for an account.

When you are using AD Users and Computers to configure the UPN suffix for an account, the root domain of the forest will always be one of the options. The other option will be the current domain if you are in a domain other than the root domain.

For example, if I have a forest with the following domains:
  • conexion.ca
  • child1.conexion.ca
  • child2.conexion.ca
If I'm running AD Users and Computers in child1.conexion.ca, then I will see conexion.ca and child1.conexion.ca in the UPN suffix list. If I'm running AD Users and Computers in the conexion.ca domain, then I will see only conexion.ca in the UPN suffix list.

So, my assumption is that Exchange 2013 was using conexion.ca as its base for doing the AD queries/work, because we were seeing only the root domain in the drop-down list.

To make the child domains available as UPN suffixes when running AD Users and Computers in the root domain, the child domains need to be added as alternative UPN suffixes to the forest. After they are added here, they are available from any domain. Note that you can add anything you want here. You are not limited to UPN suffixes that match your domain names.

Configuring the UPN Suffix for a User Account


Ultimately, what works for AD Users and Computers also worked for ECP. At the client, after adding the name of the other tree as an alternative UPN suffix, it appeared in ECP and all was good.

Steps to add an alternate UPN suffix for the forest:

  1. Open Active Directory Domains and Trusts.
  2. In Active Directory Domains and Trusts, right-click the Active Directory Domains and Trusts node and click Properties.
  3. On the UPN Suffixes tab, add the subdomain required.
Adding an Alternative UPN Suffix
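
The same forest-wide change can be made from PowerShell with the ActiveDirectory module (RSAT). This script is an added example, not part of the original post; the `-Suffix` parameter and the default of offering every non-root domain name in the forest are assumptions made for illustration.

```powershell
#Requires -Modules ActiveDirectory
# Added example: add alternative UPN suffixes to the forest, skipping any that
# are already present. The -Suffix parameter is an assumption of this example.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Suffixes to make available forest-wide, e.g. child1.conexion.ca.
    # If omitted, every domain name in the forest is used.
    [string[]]$Suffix
)

$forest = Get-ADForest
if (-not $Suffix) { $Suffix = $forest.Domains }

# The forest root domain is always offered as a suffix, so treat it as present.
$existing = @($forest.UPNSuffixes) + $forest.RootDomain

# -notcontains is case-insensitive, which matches how DNS names are compared.
$missing = $Suffix |
    Where-Object { $_ -and ($existing -notcontains $_) } |
    Sort-Object -Unique

if (-not $missing) {
    Write-Host "Nothing to add; all requested suffixes are already available."
}

foreach ($s in $missing) {
    # ShouldProcess makes -WhatIf and -Confirm work for this forest-wide change.
    if ($PSCmdlet.ShouldProcess($forest.Name, "Add alternative UPN suffix '$s'")) {
        Set-ADForest -Identity $forest.Name -UPNSuffixes @{ Add = $s }
    }
}

# Report the alternative suffixes now configured on the forest.
(Get-ADForest -Identity $forest.Name).UPNSuffixes | Sort-Object
```

Run it with `-WhatIf` first to see which suffixes would be added; because any string is accepted as a suffix, pass `-Suffix` explicitly when the forest contains domain names you do not want offered for user logons.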
