Managing UPN to help Exchange authentication


Hi Folks,

In some organizations the Active Directory domain is different from the public name, such as apatricio.local (Active Directory FQDN) with andersonpatricio.ca as the external SMTP address. These organizations may want to authenticate users with the user@domain.com format instead of DOMAIN\username or just username, and that can be easily done using additional UPNs.

The entire process can be divided into a few tasks: manage the UPN, manage the user, and finally configure Outlook Web App.

Managing UPN on Active Directory

The first thing to do is to add the desired UPN suffix to Active Directory, which can be done using Active Directory Domains and Trusts. Let’s right-click on the first item and then click Properties.


There is a single tab; let’s add our domain to the list (in our case andersonpatricio.ca), click on Add, and then Apply and OK.



Note: Depending on your Active Directory size and replication topology, it may take some time to replicate the information.


Managing the UPN at mailbox/user level

Our next step is to open the properties of a mailbox in Exchange Management Console. On the Account tab, the user logon name (User Principal Name) field has a second option for the domain; let’s select our new domain (andersonpatricio.ca) and click on Apply.


Managing Outlook Web App..

Time to configure authentication at the Outlook Web App level. Open Exchange Management Console / Server Configuration / Client Access, go to Outlook Web App and open the Properties of the Outlook Web App. On the Authentication tab, let’s change the logon format to user principal name (UPN), click on Apply, and then click OK in the new dialog box that shows up.


The final task is to run IISReset /noforce at the command prompt to refresh the settings.
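The same three tasks can be scripted, with a check for an already-present suffix and a duplicate UPN before anything is changed. This is an added example, not part of the original post; it assumes the Exchange Management Shell and the ActiveDirectory PowerShell module are available on the Client Access server, and the mailbox alias jdoe is hypothetical.

```powershell
# Added example: run in the Exchange Management Shell on the Client Access server.
Import-Module ActiveDirectory

$Suffix   = 'andersonpatricio.ca'   # UPN suffix used in this article
$Identity = 'jdoe'                  # hypothetical mailbox alias
$Server   = $env:COMPUTERNAME       # assumption: this host runs the OWA virtual directory

# 1. Add the UPN suffix to the forest only if it is not already listed.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $Suffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{Add = $Suffix}
}

# 2. Build the new UPN and refuse to assign it if another account
#    in the current domain already uses it.
$mbx    = Get-Mailbox -Identity $Identity
$newUpn = '{0}@{1}' -f $mbx.SamAccountName, $Suffix
$clash  = Get-ADUser -Filter "UserPrincipalName -eq '$newUpn'"
if ($clash -and $clash.SamAccountName -ne $mbx.SamAccountName) {
    throw "UPN $newUpn is already assigned to $($clash.SamAccountName)"
}
Set-Mailbox -Identity $Identity -UserPrincipalName $newUpn

# 3. Switch the OWA forms-based logon format to UPN.
Get-OwaVirtualDirectory -Server $Server |
    Set-OwaVirtualDirectory -LogonFormat PrincipalName

# 4. Refresh IIS so the new logon format takes effect.
iisreset /noforce

# 5. Confirm the result of each change.
(Get-ADForest).UPNSuffixes
Get-Mailbox -Identity $Identity | Format-List Name, UserPrincipalName
Get-OwaVirtualDirectory -Server $Server |
    Format-List Name, FormsAuthentication, LogonFormat
```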

Testing..

It’s time for testing! Open Outlook Web App, type in the UPN and password and voilà, the mailbox will be opened.



Note: You can also test that you can no longer use the regular username to authenticate.


Written by Anderson Patricio


Anderson Patricio is a Canadian MVP in Cloud and Datacenter Management, and Office Server and Services. Besides the Microsoft award, he also holds a Solutions Master (MCSM) in Exchange and several other certifications. Anderson has been contributing to the Microsoft Community with articles, tutorials, blog posts, Twitter, forums and book reviews. He is a regular contributor here at ITPROCentral.com, MSExchange.org, Techgenix.com and Anderson Patricio.org (Portuguese).
