Using Multiple User Principal Name Suffixes

When configuring ADFS in your own local the default login of any user authenticating into the environment would be user@domain.local or something of that sort. At many times, especially when working with multiple applications, we would like the user to authenticate using different login credentials such as user@mynewdomain.com. In order to implement this, we can add suffixes that gives us the ability to user a friendly logon name that is not the same as the domain or parent's domain name.

In order to add a domain suffix to a forest, we need to follow the instructions below:

• Log on to the domain controller, or a computer that has the different Active Directory Management Tools, and open Active Directory Domains and Trusts.
• When the application opens, right-click on the Active Directory Domain and Trusts in the Tree window pane, and select Properties from the pop-up menu.
• On the UPN Suffixes tab, type the new User Principal Name suffix that you would like to add to the existing forest.
• Click Add and click OK

After the domain suffixes have been added, new users that are added to the domain can select the UPN suffix to use.