UPN suffix consistency
It is recommended that an AD domain be a subdomain of an organization’s
top-level DNS domain name (e.g., ad.contoso.com). It is also recommended
that each user’s user principal name (UPN) match their email address (e.g.,
jsmith@contoso.com).
Together, these recommendations lead to the need to add a secondary UPN suffix: one for the top-level domain. ADMan can ensure that users’ UPNs are consistently set.
References:
Actions
For each configured container, ADMan will enumerate the users and change their
userPrincipalName, if necessary, to match the desired UPN suffix.
Configuration
upn_suffixes is a mapping (dictionary) similar to the containers type, where
the key is the container holding the users to which the UPN suffix will be
applied. The value is either (1) the UPN suffix to apply, or (2) a mapping
with the following keys:
| Config Key | Type | Default | Description |
|---|---|---|---|
| | string | (required) | The UPN suffix to apply |
| | string | | Scope of LDAP search in the container: either |
Example configuration
    upn_suffixes:
      # The key is the container which specifies the set of users to which the UPN
      # suffix will be applied. There are two ways to specify the UPN suffix to be
      # applied to a container:
      # 1. The simple format just specifies the suffix:
      CN=Users: example.com
      # 2. The complex format allows the scope to be specified,
      #    which can be either 'one' or 'subtree' (the default)
      OU=Special Users,OU=People:
        suffix: special.com
        scope: one
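
The following dry-run sketch is an added example, not ADMan's own code: it normalizes both configuration forms shown above and lists which users would have their userPrincipalName changed, so a bulk change can be reviewed before it is applied. The function names, the base DN, the treatment of container keys as relative to that base DN, and the user entries are all assumptions constructed for illustration.

```python
# Added illustration; not ADMan's code. Users below are constructed sample data.
BASE_DN = "DC=ad,DC=example,DC=com"   # assumed domain base DN

def normalize(upn_suffixes):
    """Accept both config forms; return {container: (suffix, scope)}."""
    out = {}
    for container, value in upn_suffixes.items():
        if isinstance(value, str):            # simple form: just the suffix
            suffix, scope = value, "subtree"  # 'subtree' is the default scope
        else:                                 # complex form: mapping
            suffix, scope = value["suffix"], value.get("scope", "subtree")
        if scope not in ("one", "subtree"):
            raise ValueError(f"bad scope {scope!r} for {container}")
        out[container] = (suffix.lower(), scope)
    return out

def in_scope(user_dn, container_dn, scope):
    """Naive DN match; assumes RDN values contain no escaped commas."""
    u, c = user_dn.lower(), container_dn.lower()
    if not u.endswith("," + c):
        return False
    rel = u[: -len(c) - 1]                    # part of the DN below the container
    return scope == "subtree" or "," not in rel

def plan_changes(upn_suffixes, users):
    """Return [(dn, old_upn, new_upn)] for in-scope users whose suffix differs."""
    changes = []
    for container, (suffix, scope) in normalize(upn_suffixes).items():
        cdn = f"{container},{BASE_DN}"
        for dn, upn in users:
            if not in_scope(dn, cdn, scope):
                continue
            name, sep, current = upn.rpartition("@")
            if not sep:                       # UPN had no suffix at all
                name, current = upn, ""
            if current.lower() != suffix:
                changes.append((dn, upn, f"{name}@{suffix}"))
    return changes

CONFIG = {"CN=Users": "example.com",
          "OU=Special Users,OU=People": {"suffix": "special.com", "scope": "one"}}
USERS = [  # constructed (dn, userPrincipalName) pairs
    ("CN=jsmith,CN=Users,DC=ad,DC=example,DC=com", "jsmith@ad.example.com"),
    ("CN=alee,CN=Users,DC=ad,DC=example,DC=com", "alee@example.com"),
    ("CN=bkim,OU=Special Users,OU=People,DC=ad,DC=example,DC=com", "bkim@ad.example.com"),
    ("CN=svc,OU=Nested,OU=Special Users,OU=People,DC=ad,DC=example,DC=com", "svc@ad.example.com"),
]

if __name__ == "__main__":
    for dn, old, new in plan_changes(CONFIG, USERS):
        print(f"{dn}: {old} -> {new}")
```

With scope 'one', the nested svc account is left untouched because it is not a direct child of the configured container.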
Commands
Relevant CLI commands: