Staff and student users in your Active Directory (AD) are provisioned by RM Unify Network Provisioning. This article describes how to amend the RM Unify Network Provisioning configuration file to change the UPN suffix of new and existing AD user accounts. It applies to RM Unify Network Provisioning on a vanilla Windows® network; it is not suitable for Community Connect® 4 (CC4) networks.

If you are using RM Unify Network Provisioning on a CC4 network, please contact your usual support provider for further advice as amending your current UPN suffix may have other, unintended consequences on your network.

• The desired UPN suffix has been added to 'Active Directory Domains and Trusts'.
• You have consulted with your usual network support provider and ensured that your network and end users are prepared for the change and understood how a change to users' UPN suffix may affect your network.

Note: Changing the UPN suffix will affect new and existing AD accounts. The Network Agent will create new AD accounts with the revised UPN suffix as soon as the procedure is completed. Existing AD accounts will be updated to the revised UPN suffix the next time the Network Agent receives an RM Unify user account update, password change for that user, or a Network Agent sync, whichever comes first. Please see the More Information section below on how to control this.

1. On the server with the RM Unify Network Agent installed, stop the RM Unify Network Agent service.
2. Open File Explorer, click View and tick 'Hidden items'.
3. Browse to C:\ProgramData\RM\RM Unify Network Agent\RMUPROOT-config\[AD]\Configuration.
4. Make a backup copy of the 'BaseConfiguration.xml' file and name it 'BaseConfigurationBACKUP.xml'.
5. Right-click the 'BaseConfigurationxml' file and select 'Open with Notepad'.
6. The file has a configuration section for each role type - Students, Teachers and NonTeachers. For multi-site configurations, there is a configuration section for each role type per school.
7. To adjust the UPN suffix for each role type, first find the role-based section for the school, e.g. for the Student role - <Name>STUDENTS</Name>, or in the case of multi-site - <Name>SUPPORT_SCHOOL STUDENTS</Name>.
8. In the <ADAttributes> section, ensure that there is a setting as follows, replacing only the text schooldomain.sch.uk with your actual desired domain:
   
   <ADAttr>
                 <Name>userPrincipalName</Name>
                 <Value>[Username]@schooldomain.sch.uk</Value>
   </ADAttr>
   
9. Repeat this for the all the role types as desired.
10. Click Save and close the file.
11. Start the RM Unify Network Agent service.

1. Sign into RM Unify as a user with super admin rights.
2. Click Management Console.
3. From Users, create a test staff or student account.
4. Under Users, click User Audit.
5. Wait five to ten minutes and check the RM Unify audit log for a successful "Create AD User" message.
6. In Active Directory, search for the new user you created in step 3 above.
7. Right-click the user and select Properties.
8. Select the Account tab of the user and confirm that the new UPN suffix is showing for the user logon name.
9. Select the Attribute Editor tab and confirm that the new user has a 'userPrincipalName' using the new UPN suffix.

Yes, you have three options:

Desired result	Action
Update one existing AD account	In the RM Unify Management Console, disable and then enable the user.
Update groups of AD accounts	Trigger a partial sync from the RM Unify Network Agent based on the date/time.
Update all AD accounts provisioned from RM Unify	Trigger a full sync from the RM Unify Network Agent.

For detailed steps, please see the relevant section in TEC8277645 from the Other Useful Articles section below.