Assume that you add a user principal name (UPN) suffix by using Active Directory Domains and Trusts on a domain controller that is running Microsoft Windows Server 2012 R2 in a Microsoft Exchange Server 2013 environment. When you check the UPN by using Exchange Admin Center (EAC) or by running the Get-UserPrincipalNamesSuffix cmdlet in Exchange Management Shell (EMS), the added UPN suffix is not displayed.
This issue occurs because the Exchange Trusted Subsystem security group does not have permissions to read the "CN=Partitions,CN=Configuration,DC=YourDomain,DC=YourRootDomain" entry.
To work around this issue, follow these steps to add the Read permission to the Exchange Trusted Subsystem security group:
Start the Active Directory Service Interfaces (ADSI) Edit tool.
On the Action menu, click Connect to.
In the Connection Point area, click Select a well known Naming Context, and then click Configuration in the list.
In the Computer area, click Select or type a domain or Server, and then type the fully qualified domain name (FQDN) of the server in the box. Or, click Default (Domain or Server that you logged in to) if it is suitable for your circumstances. Then, click OK.