I recently came across a requirement with a customer whereby they needed to add a new UPN suffix to Active Directory Domain Services and then update all users' UPNs. This was needed as a prerequisite for a Microsoft 365 migration. This is a relatively straightforward process, which I will detail below.
ADD A NEW UPN SUFFIX TO ADDS
The new UPN suffix needs to be available within ADDS.
To do this, log on to an ADDS domain controller:
- Open Server Manager
- Tools > Active Directory Domains and Trusts

- Within Active Directory Domains and Trusts, right click Active Directory Domains and Trusts > Properties

- Open UPN Suffixes > Add your new UPN Suffix > Add > Apply

This new domain suffix is now available in ADDS. Now we need to add it to the users. My recommendation is to apply it to a specific group of users or an OU first, as a test to technically validate your solution before you apply it to everyone!
CHANGE UPN SUFFIX FOR ALL USERS
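The update to users can be done using PowerShell. In the example below I have targeted a specific OU. Please feel free to update the values to suit your environment. In this example, I have used the contoso.com example listed above!

```powershell
Import-Module ActiveDirectory

$ORGSUFFIX = "whatever.com"               # current UPN suffix
$NEWSUFFIX = "contoso.com"                # new UPN suffix added above
$OU        = "OU=Test,DC=contoso,DC=com"  # OU to target
$DC        = "DC01"                       # domain controller to read from and write to

# Only select users whose UPN ends with the old suffix (this also skips users with no UPN)
Get-ADUser -Server $DC -SearchBase $OU -Filter "UserPrincipalName -like '*@$ORGSUFFIX'" |
    ForEach-Object {
        # Replace only the part after the @ so the user name itself is never altered
        $NEWUPN = ($_.UserPrincipalName -split '@')[0] + "@" + $NEWSUFFIX
        $_ | Set-ADUser -Server $DC -UserPrincipalName $NEWUPN
    }
```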
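A dry run that can precede the change above, as an added example rather than the author's own script: it confirms the new suffix is registered in the forest, flags new UPNs that are already in use in the domain, saves an old-to-new mapping that doubles as a rollback record, and calls Set-ADUser with -WhatIf so nothing is written. The CSV path is a made-up name, the other values are the article's, and it assumes the ActiveDirectory module and a reachable domain controller.

```powershell
Import-Module ActiveDirectory

$ORGSUFFIX = "whatever.com"
$NEWSUFFIX = "contoso.com"
$OU        = "OU=Test,DC=contoso,DC=com"
$DC        = "DC01"
$PLANCSV   = ".\upn-change-plan.csv"   # hypothetical output path

# 1. The suffix must be an added UPN suffix or the DNS name of a domain in the forest.
$forest = Get-ADForest -Server $DC
$known  = @($forest.UPNSuffixes) + @($forest.Domains)
if ($known -notcontains $NEWSUFFIX) {
    throw "UPN suffix '$NEWSUFFIX' is not registered in forest $($forest.Name)."
}

# 2. Collect UPNs that already use the new suffix (this DC's domain only, not the whole forest).
$taken = @{}   # PowerShell hashtable keys compare case-insensitively, like UPNs
Get-ADUser -Server $DC -Filter "UserPrincipalName -like '*@$NEWSUFFIX'" |
    ForEach-Object { $taken[$_.UserPrincipalName] = $true }

# 3. Build the plan for the target OU and mark any new UPN that is already taken.
$plan = Get-ADUser -Server $DC -SearchBase $OU -Filter "UserPrincipalName -like '*@$ORGSUFFIX'" |
    ForEach-Object {
        $newUpn = ($_.UserPrincipalName -split '@')[0] + "@" + $NEWSUFFIX
        [pscustomobject]@{
            SamAccountName    = $_.SamAccountName
            DistinguishedName = $_.DistinguishedName
            OldUPN            = $_.UserPrincipalName
            NewUPN            = $newUpn
            Conflict          = $taken.ContainsKey($newUpn)
        }
    }

# 4. Keep the mapping, list conflicts, and preview the remaining changes without writing.
$plan | Export-Csv -Path $PLANCSV -NoTypeInformation
$plan | Where-Object { $_.Conflict } | Format-Table SamAccountName, OldUPN, NewUPN
$plan | Where-Object { -not $_.Conflict } | ForEach-Object {
    Set-ADUser -Server $DC -Identity $_.DistinguishedName -UserPrincipalName $_.NewUPN -WhatIf
}
```

Removing -WhatIf from the last command applies the non-conflicting changes; the OldUPN column in the CSV is what a rollback would restore.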
The updated user will now look like the below.

Hopefully this has been informative and helpful! If you need any further clarification, or a no-frills chat, please feel free to reach out to me, or fellow Insentrons here at Insentra.