foreach ($user in (get-aduser -filter *)) {
   #write-host processing $user.samaccountname -nonewline
   [string]$forest=(get-addomain).forest
   [string]$sam = $user.samaccountname
   [string]$upn = "$sam@$forest"
   if ($user.UserPrincipalName -eq $upn){
#      write-host " UPNOK: $upn" -background green -foreground black
   }
   else {
      write-host " UPNFIX:$upn" -backgroundcolor yellow
#      set-aduser -identity $sam -UserPrincipalName $upn -whatif
   }
}