Managing UPN to help Exchange authentication
In some organizations where the Active Directory domain is different from the public name, such as apatricio.local (Active Directory FQDN) and the external SMTP address is andersonpatricio.ca. Some organizations may want to authenticate users using email@example.com format instead of DOMAIN\username or just username and that can be easily done using additional UPNs.
The entire process can be divided in a couple of tasks, such as manage UPN, manage the user and then finally configure Outlook Web App.
Managing UPN on Active Directory
First thing to do is to add the desired UPN to the Active Directory and that can be done using Active Directory Domain and Trusts. Let’s right-click on the first item and then Properties.
There is a single tab, let’s add our domain to the list, in our case andersonpatricio.ca and let’s click on Add and then Apply and Ok.
Note: Depending of your Active Directory size and replication topology it may take some time to replicate the information.
Managing the UPN at mailbox/user level
Our next step is to get properties of a mailbox using Exchange Management Console, and on Account tab we have a second option for user logon name (User Principal Name) field, let’s select our new domain (andersonpatricio.ca) and let’s click on Apply.
Managing Outlook Web App..
Time to configure Authentication at Outlook Web App level (open Exchange Management Console / Server Configuration / Client Access and then Outlook Web App) and ask Properties of the Outlook Web App and then let’s go to Authentication tab and let’s change it to user principal name (UPN) and let’s click on Apply and Ok in the new dialog box that will show up.
Final task is to run IISReset /noforce in the command prompt to refresh the settings.
It’s time for testing! open Outlook Web app and type in the UPN and password and voilà the mailbox will be opened.
Note: You can also test that now you can’t use the regular username to authenticate.