Managing UPN to help Exchange authentication

Share this:

Hi Folks,

In some organizations where the Active Directory domain is different from the public name, such as apatricio.local (Active Directory FQDN) and the external SMTP address is Some organizations may want to authenticate users using format instead of DOMAINusername or just username and that can be easily done using additional UPNs.

The entire process can be divided in a couple of tasks, such as manage UPN, manage the user and then finally configure Outlook Web App.

Managing UPN on Active Directory

First thing to do is to add the desired UPN to the Active Directory and that can be done using Active Directory Domain and Trusts. Let’s right-click on the first item and then Properties.


There is a single tab, let’s add our domain to the list, in our case and let’s click on Add and then Apply and Ok.


Note: Depending of your Active Directory size and replication topology it may take some time to replicate the information.

Managing the UPN at mailbox/user level

Our next step is to get properties of a mailbox using Exchange Management Console, and on Account tab we have a second option for user logon name (User Principal Name) field, let’s select our new domain ( and let’s click on Apply.


Managing Outlook Web App..

Time to configure Authentication at Outlook Web App level (open Exchange Management Console / Server Configuration / Client Access and then Outlook Web App) and ask Properties of the Outlook Web App and then let’s go to Authentication tab and let’s change it to user principal name (UPN) and let’s click on Apply and Ok in the new dialog box that will show up.


Final task is to run IISReset /noforce in the command prompt to refresh the settings.


It’s time for testing! open Outlook Web app and type in the UPN and password and voilà the mailbox will be opened.


Note: You can also test that now you can’t use the regular username to authenticate.

Written by Anderson Patricio

Anderson Patricio

Anderson Patricio is a Canadian MVP in Cloud and Datacenter Management, and Office Server and Services, besides the Microsoft Award he also holds a Solutions Master (MCSM) in Exchange and several other certifications. Anderson has been contributing to the Microsoft Community with articles, tutorials, blog posts, twitter, forums and book reviews. He is a regular contributor here at,, and Anderson (Portuguese).

Related Post

Exporting PSTs based on Organization Unit In some scenarios the administrator may want to export all mailboxes of a specific OU to PST. Using Exchange Server 2013/2016 this can be accomplished...
How to test IMAP connectivity In some situations the administrator has to test connectivity of any given protocol, and Exchange Server offers a cmdlet for the vast majority of prot...
Administrator initiated remove wipe in Exchange Se... In this Tutorial we are going over the process to remote wipe a mobile phone using Exchange Server 2010 console. Solution A customer of mine is st...
Retrieving ActiveSync Logs: Using Outlook Web App Good morning my friends (long time no see, after a couple of days in holidays I’m back!) In Today’s post we are going to check it out the ActiveSync ...