HOWTO: Use ADSI to List the UPN Suffixes That Are Defined in Active Directory (269441)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Active Directory Services Interface, System Component
  • Microsoft Active Directory Services Interface, Microsoft Active Directory Client
This article was previously published under Q269441

SUMMARY

This article describes how to retrieve the Windows 2000 user principal name (UPN) suffixes that are defined.

The UPNSuffixes attribute on the Partition container in the default naming context contains the UPN suffixes that are defined for the domain tree. This attribute does not contain the default UPN or the UPN suffixes that are assigned to organizational units. The UPN suffixes that are assigned to an organizational unit are stored in the upnSuffixes attribute on the Organizational Unit object.

The default UPN is contained in the Canonical Name attribute on the Partitions container object in the configuration naming context. The default UPN suffix identifies the domain in which the user account is contained. When you create a user account in Active Directory, the default UPN suffix is the DNS name of the first domain in your domain tree.

If you create user accounts by using the Users and Computers snap-in, every user must have a UPN. If you programmatically create user objects in Active Directory, you must supply an appropriate value for this attribute.

MORE INFORMATION

The following sample code demonstrates how to retrieve the default UPN and any additional UPNs: 
' --- Get the naming contexts ----
Set RootDSE = GetObject("LDAP://RootDSE")
strNamingContext = RootDSE.Get("defaultNamingContext")
strConfigContext = RootDSE.Get("configurationNamingContext")
' -- Get the current domain name --

Set oDomain = GetObject("LDAP://" + strNamingContext)
strDomainName = oDomain.Get("name")

Set oPartition = GetObject("LDAP://CN=Partitions," & strConfigContext)

'-- Get the DNS name of the domain --
oDomain.GetInfoEx Array("canonicalName"), 0
strCanonical = oDomain.Get("canonicalName")
strDNSName = Left(strCanonical, Len(strCanonical) - 1) 'clip off "/"
'-- Display the default UPN suffix
Debug.Print strDNSName<BR/>
'-- Get the defined upnSuffixes --
suffixes = oPartition.GetEx("UPNSuffixes")
For Each upnSuffix In suffixes
  Debug.Print upnSuffix
Next
Set RootDSE = Nothing
Set oDomain =Nothing
Set oPartition = Nothing

' -- Get the upnsuffixes defined on organizational units --
Set ADOconn = CreateObject("ADODB.Connection")
Set ADOcom = CreateObject("ADODB.Command")
  
ADOconn.Provider = "ADsDSOObject"
bstrADOQueryString = "<LDAP://" + srrNamingContext>;(objectcategory=organizationalUnit);upnsuffixes,ADsPath;subtree"
ADOconn.Open
ADOcom.ActiveConnection = ADOconn
  
ADOcom.CommandText = bstrADOQueryString
ADOcom.Properties("Page Size") = 99
  
Set objRS = ADOcom.Execute

While Not objRS.EOF
   If Not IsNull(objRS.Fields("upnSuffixes")) Then
    upnsuffixes = objRS.Fields("upnSuffixes")
    For Each upnsuffix In upnsuffixes
        Debug.Print upnsuffix
    Next
   End If

   objRS.MoveNext
Wend

Set objRS = Nothing
Set ADOcom = Nothing
Set ADOconn = Nothing

REFERENCES

For additional information, visit the following Microsoft Web site:

Attribute Details: User-Principal-Name

For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:

252490 HOWTO: Use ADSI to Query the Global Catalog for a UPN

243629 HOW TO: Add UPN Suffixes to a Forest

Modification Type:MinorLast Reviewed:7/13/2004
Keywords:kbDSWADSI2003Swept kbenv kbinfo KB269441 kbAudDeveloper
©2004 Microsoft Corporation. All rights reserved.