Browse Definitions :

User Principal Name (UPN)

What is a User Principal Name (UPN)?

In Microsoft Active Directory, a User Principal Name (UPN) is a username and domain in an email address format. In a UPN, the username is followed by a separator "at sign" (@) followed by the active directory's internet domain.

An example UPN is [email protected]. In this example "tomw" is the username and "" is the domain's fully qualified domain name (FQDN) and registered web address as a suffix. The domain's NetBIOS name is "corp." The UPN is used instead of down-level logon name corp\tomw.

All Active Directory user accounts must have a UPN. An implicit UPN is generated by the system at account creation if a UPN is not explicitly created by an administrator. Each UPN must be unique in the domain.

What are the services in Active Directory?
The User Principal Name in Microsoft Active Directory is an email addresses formatted username and domain.

UPNs are useful because they are more standards complaint than using the down-level logon name with a backslash. They are based on internet standard RFC 822. This allows them to be used for authentication with web services and non-Windows operating systems. The UPN can be used for federated, SAML and OAuth scenarios.

Is a UPN the same as an email address?

A UPN is not the same as the user's email address. In many cases they are the same value for ease of use, but UPN and email have different internal uses and are defined in different active directory attributes. The UPN can be adjusted by an administrator to a different value. The user's email address can also be changed to another value. The UPN and email address may be different if the domain's FQDN isn't internet routable and a different web domain is needed for the email to function.

Having a user's UPN and primary email SMTP address be different values can cause issues. For example, an ActiveSync email client can use the email address to autodiscover the correct server and then use the email as the login name. If the UPN and email are different however, the user may need to manually enter the server address and then enter the similar looking but different username.

UPN and Azure Active Directory

Microsoft Windows Azure Active Directory is a cloud-based implementation of Active Directory. It uses UPN as the username or primary account identity. While a user may only need to enter their username in on-premises authentication, for Azure AD the user will almost always need to enter their full UPN.

By default, on Azure AD the UPN is set to [email protected] to ensure a globally unique value. If an internet domain name has been verified by Azure AD, that domain can be used as the UPN suffix. An administrator can change a user's UPN with remote PowerShell commands.

An administrator can set an Alternate Logon ID instead of the UPN. This can be used in scenarios where the email address and UPN are different due to policy or application dependency. The user could then login with their familiar email address instead of with their UPN.

How to change a UPN in Active Directory

In Active Directory Users and Computers tool, available in Remote Server Administration tools (RSAT), open the user account properties. On the Account tab, change the User logon name prefix or suffix.

In PowerShell, use the following:

Import-Module ActiveDirectory
Set-ADUser username -UserPrincipalName [email protected]

How to Change a UPN in Azure Active Directory

Use the following in PowerShell:

Import-Module MSOnline
Set-MSOUserPrincipalName -UserPrincipalName oldupn -NewUserPrincipalName newupn

See how to set up automated log collection with PowerShell, why you should consider Azure AD group-based licensing for Office 365 users and how to get started with Azure AD entitlement management.

This was last updated in December 2022

Continue Reading About User Principal Name (UPN)

  • local area network (LAN)

    A local area network (LAN) is a group of computers and peripheral devices that are connected together within a distinct ...

  • TCP/IP

    TCP/IP stands for Transmission Control Protocol/Internet Protocol and is a suite of communication protocols used to interconnect ...

  • firewall as a service (FWaaS)

    Firewall as a service (FWaaS), also known as a cloud firewall, is a service that provides cloud-based network traffic analysis ...

  • identity management (ID management)

    Identity management (ID management) is the organizational process for ensuring individuals have the appropriate access to ...

  • fraud detection

    Fraud detection is a set of activities undertaken to prevent money or property from being obtained through false pretenses.

  • single sign-on (SSO)

    Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials -- for ...

  • change management

    Change management is a systematic approach to dealing with the transition or transformation of an organization's goals, processes...

  • IT project management

    IT project management is the process of planning, organizing and delineating responsibility for the completion of an ...

  • chief financial officer (CFO)

    A chief financial officer (CFO) is the corporate title for the person responsible for managing a company's financial operations ...

  • core HR (core human resources)

    Core HR (core human resources) is an umbrella term that refers to the basic tasks and functions of an HR department as it manages...

  • HR service delivery

    HR service delivery is a term used to explain how an organization's human resources department offers services to and interacts ...

  • employee retention

    Employee retention is the organizational goal of keeping productive and talented workers and reducing turnover by fostering a ...

Customer Experience
  • martech (marketing technology)

    Martech (marketing technology) refers to the integration of software tools, platforms, and applications designed to streamline ...

  • transactional marketing

    Transactional marketing is a business strategy that focuses on single, point-of-sale transactions.

  • customer profiling

    Customer profiling is the detailed and systematic process of constructing a clear portrait of a company's ideal customer by ...