Wednesday, October 17, 2007

userPrincipalName (User-Principal-Name)

The userPrincipalName is a single-valued and indexed property that specifies the user principal name (UPN). The UPN is an Internet-style login name for the user. The UPN is shorter than the distinguished name and easier to remember. The point of the UPN is to consolidate the e-mail and logon namespaces so that the user need only remember a single name.

The UPN as the Preferred Logon Name

Users should use their UPNs to log on to the domain. At logon time, a UPN is validated first by searching the local domain, then the global catalog.
By convention, the UPN should map to the user's e-mail name.

The UPN can be assigned, but is not required. Once assigned, the UPN is unaffected by changes to other properties of the user object. If a parent domain is renamed or a domain is moved, the user can keep the same login name, even if the directory is radically restructured.

The UPN Name Structure

The UPN must be unique among all security principal objects within the directory forest.
The user principal name has two parts: the UPN prefix (the user account name) and the UPN suffix (a DNS domain name). The parts are joined together by the @ (at sign) to complete the UPN.

The UPN can consist of any name for the user (such as the sAMAccountName) and the domain tree name or an e-mail domain name.
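The rules above (optional attribute, prefix@suffix structure, forest-wide uniqueness, and the convention that the UPN maps to the e-mail name) can be checked over an export of directory objects. The following is an added example, not code from the original post; the record layout, the sample entries, the split at the last @ and the case-insensitive comparison are assumptions of this example.

```python
from collections import defaultdict

# Constructed sample export, one dict per security principal. The DNs,
# names and domains are invented for illustration.
SAMPLE = [
    {"dn": "CN=Ann Lee,OU=Staff,DC=corp,DC=example,DC=com",
     "userPrincipalName": "ann.lee@example.com", "mail": "ann.lee@example.com"},
    {"dn": "CN=Ann Lee,OU=Lab,DC=emea,DC=example,DC=com",
     "userPrincipalName": "Ann.Lee@EXAMPLE.com", "mail": "alee@example.com"},
    {"dn": "CN=Bob Roy,OU=Staff,DC=corp,DC=example,DC=com",
     "userPrincipalName": "broy", "mail": "bob.roy@example.com"},
    {"dn": "CN=svc-backup,OU=Svc,DC=corp,DC=example,DC=com",
     "userPrincipalName": None, "mail": None},
]

def split_upn(upn):
    """Return (prefix, suffix), or None if the value is not prefix@suffix.
    Splitting at the last '@' is an assumption of this example."""
    prefix, at, suffix = upn.rpartition("@")
    if not at or not prefix or not suffix:
        return None
    return prefix, suffix.lower()

def audit(records):
    """Return a sorted list of (dn, finding) tuples for the whole forest export."""
    findings, seen = [], defaultdict(list)
    for r in records:
        upn, mail = r.get("userPrincipalName"), r.get("mail")
        if not upn:
            findings.append((r["dn"], "no-upn"))  # informational: UPN is optional
            continue
        if split_upn(upn) is None:
            findings.append((r["dn"], "malformed-upn"))
            continue
        seen[upn.lower()].append(r["dn"])  # assumed case-insensitive match
        if mail and mail.lower() != upn.lower():
            findings.append((r["dn"], "upn-differs-from-mail"))
    for upn, dns in seen.items():
        if len(dns) > 1:  # uniqueness is required across all domains
            findings.extend((dn, "duplicate-upn:" + upn) for dn in dns)
    return sorted(findings)

if __name__ == "__main__":
    for dn, finding in audit(SAMPLE):
        print(f"{finding:40} {dn}")
```

On the constructed sample this reports the two "Ann Lee" accounts in different domains as sharing one UPN, which is the forest-wide collision the uniqueness rule forbids.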

Sample User Principal Name:,

1 comment:

  1. Anonymous 7:40 PM

    This is a very good article to help me resolve unclear questions posted by my management.

