Forum Discussion
BTW97
Aug 06, 2024, Brass Contributor
Best practice when UPN and email address are different but both routable?
Our on-premise AD is a multi-domain forest with different business units in separate child domains. Each child domain uses a UPN of the form username[at]unitX.onpremad.com and we've validated all the...
BTW97
Aug 08, 2024, Brass Contributor
Lain - thank you so much for taking the time to provide a detailed response. I appreciate it. At least on this page: https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configuring-alternate-login-id there is a call out that email == UPN is best practice, so I think that's where I got the idea from.
The fact that MS 1st party applications are okay with UPN != mail is encouraging. I had read some (probably outdated) blogs that seemed to suggest that there were known issues with the desktop applications like Outlook needing extra configuration when UPN and email don't match.
Again, thanks for the helpful reply.
LainRobertson
Aug 08, 2024, Silver Contributor
Hi, Brian.
With respect to Outlook, there's been a fix for a few years now in relation to how AutoDiscover behaves, which given you're a hybrid customer, you could easily deploy to domain-joined machines using Group Policy/SCCM and/or MDM-managed machines using something like Intune.
Cheers,
Lain
- ah_ha, Jan 06, 2026, Copper Contributor
Hello LainRobertson, any idea of the implications for a D365 user if the email address is changed? Just to note, their account (UPN) would remain the same.
Thanks,
A