When creating new mailboxes in Exchange Control Panel, the client observed that only the forest root domain was available as a UPN suffix. Most of the environments that I work in are single domain, so I didn't identify the issue right away. The domains that the client uses are multiple trees. So, I was immediately concerned that the issue was related to that, but it was not. It was quite simple really and parallels what happens when using AD Users and Computers to set the UPN suffix for an account.
When you are using AD Users and Computers to configure the UPN suffix for an account, the root domain of the forest will always be one of the options. The other option will be the current domain if you are in a domain other than the root domain.
For example, if I have a forest with the following domains:
So, my assumption is that Exchange 2013 was using conexion.ca as its base for doing the AD queries/work, because we were seeing only the root domain in the drop-down list.
To make the child domains available as UPN suffixes when running AD Users and Computers in the root domain, the child domains need to be added as alternative UPN suffixes to the forest. After they are added here, they are available from any domain. Note that you can add anything you want here. You are not limited to UPN suffixes that match your domain names.
Figure: Configuring the UPN Suffix for a User Account
Ultimately, what works for AD Users and Computers also worked for ECP. At the client, after adding the name of the other tree as an alternative UPN suffix, it appeared in ECP and all was good.
Steps to add an alternate UPN suffix for the forest:
- Open Active Directory Domains and Trusts.
- In Active Directory Domains and Trusts, right-click the Active Directory Domains and Trusts node and click Properties.
- On the UPN Suffixes tab, add the subdomain required.
Figure: Adding an Alternative UPN Suffix
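The same forest-level change can be reviewed and scripted with the ActiveDirectory PowerShell module. This is an added example, not part of the original post: it assumes the RSAT ActiveDirectory module is installed, that the account has rights to modify the forest, and that every domain in the forest should be offered as a suffix; `Get-MissingUpnSuffix` is a hypothetical helper name.

```powershell
# Added example: list the alternative UPN suffixes defined on the forest and
# add any forest domain that is not yet offered as a suffix.
Import-Module ActiveDirectory

# Hypothetical helper: returns the wanted suffixes that are neither the forest
# root (always offered) nor already present as an alternative suffix.
function Get-MissingUpnSuffix {
    param(
        [string[]]$Wanted,
        [string[]]$Existing,
        [string]$RootDomain
    )
    $Wanted |
        Where-Object { $_ -and ($_ -ne $RootDomain) -and ($Existing -notcontains $_) } |
        Sort-Object -Unique
}

$forest   = Get-ADForest
$existing = @($forest.UPNSuffixes)   # alternative suffixes already on the forest

Write-Host "Forest root      : $($forest.RootDomain)"
Write-Host "Existing suffixes: $($existing -join ', ')"

# Assumption: every other domain in the forest (child domains and other trees)
# should be selectable as a UPN suffix.
$missing = @(Get-MissingUpnSuffix -Wanted $forest.Domains `
                                  -Existing $existing `
                                  -RootDomain $forest.RootDomain)

foreach ($suffix in $missing) {
    # -WhatIf only reports what would change; remove it to apply the change.
    Set-ADForest -Identity $forest.Name -UPNSuffixes @{ Add = $suffix } -WhatIf
}

# Confirm the list that AD Users and Computers and ECP will read.
(Get-ADForest).UPNSuffixes
```

Because any string can be added as a suffix, reviewing the output of `(Get-ADForest).UPNSuffixes` periodically is a simple way to confirm that only expected suffixes are available for account sign-in names.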