Hello, Just looking for help please. I am new.


I am trying to get a script to update usernames in Azure AD. Below is the script I have created. I am new, so I understand that I may be making it longer than needed. ANY suggestions on why it's not working?

The results that I am receiving right now: when I run the $upn variable I get the results I want, but when I run the $newupn, the results I get are just the @domain.com. It is not including the user's first name like I want, nor is it changing the user's logon name.




<# update the email addresses below to change from current username to new username #>

$UserList = Get-AzureADGroupMember -ObjectId "xxxxxxxxxxxxx" | Get-AzureADUser | where{$_.UserPrincipalName -like "*.onmicrosoft.com"} | Select-Object -ExpandProperty UserPrincipalName

$UserListFN = Get-AzureADGroupMember -ObjectId "xxxxxxxxxxxxxx" | Get-AzureADUser | Select-Object -ExpandProperty GivenName

<#Take $UserList and update the Email address and login username for all objects in that list#>

foreach($User in $UsersList){

$upn = $UserList.UserPrincipalName

$newupn = "$($UserList.GivenName)@domain.com"

Set-AzureADUser -UserPrincipleName $upn -NewUserPrincipleName $newupn

5 Replies

First of all, the Set-AzureADUser cmdlet does not have a parameter called NewUserPrincipleName, and you also have the wrong spelling for UserPrincipleName. Next, inside the loop you are referencing the full list, $UserList, and not the current object, $user. And you've complicated things a bit because of using multiple variables. Try something like this:


Get-AzureADGroupMember -ObjectId XXX | ? { $_.ObjectType -eq "User" -and $_.UserPrincipalName -like "*.onmicrosoft.com" } | % { Set-AzureADUser -ObjectId $_.ObjectId -UserPrincipalName $_.UserPrincipalName.Replace("tenant.onmicrosoft.com","domain.com") }

@Vasil Michev 


Thank you for reaching out and helping me.


Is that change just for grabbing the domain and then updating the domain or will it do the domain and the username?


It's pretty much doing the same thing as your original example. First, it gets all the members of a given group. Next, it filters out only the users (groups can have other object types as members too) and only the users with UPNs matching the tenant.onmicrosoft.com domain. Now that we have the list of all these user objects, we can proceed to changing their UPNs via the Set-AzureADUser cmdlet. And since we are using the full object, we can just reference any of its properties, without the need to use additional variables. Thus $_.ObjectId will represent the ObjectID value of the currently processed user. Lastly, we're doing the replacement of the domain part of the UPN - using $_.UserPrincipalName to get its current value, then using the Replace() method to swap the default domain name with the domain you want to use.


Makes sense?

I realized I may have been too vague. Right now the usernames are in the format firstname.lastname@domain.onmicrosoft.com and what I want them to look like is 



Sorry if I am being confusing, I am pretty new to this...

Then something like this:


Get-AzureADGroupMember -ObjectId XXX | ? { $_.ObjectType -eq "User" -and $_.UserPrincipalName -like "*.onmicrosoft.com" } | % { Set-AzureADUser -ObjectId $_.ObjectId -UserPrincipalName $($_.GivenName + "@domain.com") }
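
Added example, not part of any post in this thread: building the new UPN from the first name alone yields a bare "@domain.com" when GivenName is empty and the same UPN for two users who share a first name, so this sketch builds a reviewable plan before anything is written. The function name Get-UpnRenamePlan and the sample users are hypothetical and constructed here; domain.com and XXX are the thread's placeholders.

```powershell
# Added example: plan the renames first, apply only the rows marked Ready.
function Get-UpnRenamePlan {
    param(
        [Parameter(Mandatory)] [object[]] $Users,
        [string] $OldPattern = '*.onmicrosoft.com',  # same filter as in the thread
        [string] $NewDomain  = 'domain.com'          # placeholder domain from the thread
    )
    $plan = foreach ($u in $Users) {
        # Groups can contain non-user objects; skip them and users already renamed.
        if ($u.ObjectType -ne 'User' -or $u.UserPrincipalName -notlike $OldPattern) { continue }
        $first = "$($u.GivenName)" -replace '\s', ''   # whitespace is not valid in a UPN
        [pscustomobject]@{
            ObjectId = $u.ObjectId
            OldUpn   = $u.UserPrincipalName
            NewUpn   = if ($first) { "${first}@${NewDomain}" } else { $null }
            Status   = if ($first) { 'Ready' } else { 'Skip: empty GivenName' }
        }
    }
    # Two users with the same first name would collide on one UPN; flag every member of the clash.
    $plan | Where-Object NewUpn | Group-Object NewUpn | Where-Object Count -gt 1 |
        ForEach-Object { $_.Group | ForEach-Object { $_.Status = 'Skip: duplicate target UPN' } }
    $plan
}

# Constructed sample objects shaped like Get-AzureADGroupMember output (not real accounts).
$sample = @(
    [pscustomobject]@{ ObjectId='id-1'; ObjectType='User';  GivenName='Ana'; UserPrincipalName='ana.lopez@tenant.onmicrosoft.com' }
    [pscustomobject]@{ ObjectId='id-2'; ObjectType='User';  GivenName='Ana'; UserPrincipalName='ana.silva@tenant.onmicrosoft.com' }
    [pscustomobject]@{ ObjectId='id-3'; ObjectType='User';  GivenName='';    UserPrincipalName='svc.scan@tenant.onmicrosoft.com' }
    [pscustomobject]@{ ObjectId='id-4'; ObjectType='User';  GivenName='Ben'; UserPrincipalName='ben.ito@tenant.onmicrosoft.com' }
    [pscustomobject]@{ ObjectId='id-5'; ObjectType='Group'; GivenName=$null; UserPrincipalName=$null }
)
$plan = Get-UpnRenamePlan -Users $sample
$plan | Format-Table OldUpn, NewUpn, Status

# Against the tenant (needs the AzureAD module and Connect-AzureAD); review the plan, then apply:
# $plan = Get-UpnRenamePlan -Users (Get-AzureADGroupMember -ObjectId XXX -All $true)
# $plan | Where-Object Status -eq 'Ready' |
#     ForEach-Object { Set-AzureADUser -ObjectId $_.ObjectId -UserPrincipalName $_.NewUpn }
```

The plan only catches clashes among the group's own members; a target UPN already held by an account outside the group still has to be resolved by hand.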