How to add and verify a custom domain name to Azure Active Directory

Posted on Christian By Christian No Comments on How to add and verify a custom domain name to Azure Active Directory
AD Connect Error

After you create your directory, you can add your custom domain name. Every new AAD tenant comes with an initial domain name, <domainname>.onmicrosoft.com. You can’t change or delete the initial domain name, but you can add your organization’s names. Adding custom domain names helps you to create user names that are familiar to your users, such as techdirectarchive.com. See this guide for reasons to deploy AAD. A domain or accepted domain is a DNS zone for which a tenant has proven ownership by creating an arbitrarily named DNS record as requested by Microsoft. It represents the possible domain suffixes (or namespace) that directory objects can use.

Each tenant has a core domain (onmicrosoft.com) and a default domain which by default is the core domain, but which can be changed. Neither of these is necessarily the primary domain used by the tenant as you have the option to have this changed. See this guide on how to set up an Azure AD Tenant.

A directory is the Azure AD service. Each directory has one or more domains. A directory can have many subscriptions associated with it, but only one tenant. Kindly refer to these related guides:  Domain Name System: How to create a DNS record, How to setup SPF and TXT Records in AWS, and A-Z of Domain Name System: All you need to know about DNS

Custom domain name to Azure Active Directory

Follow the steps below to create a resource group
– Sign in to the Azure portal using a Global administrator account.
– Search for and select the Azure Active Directory.
– On the left pane, select Custom domain names.

Synchronization service scheduler

– Click on Add custom domain as show

configuration change

In the Custom domain name dialog box as shown below,
– Enter your organisation’s new name, in this example, techdirectarchive.com.
– Select Add domain.

synchronization error

When successfully added, you will be alerted that the Domain name was successfully added.

AD Connect Error

You will be required to add a TXT or MX file to your Domain in order to verify the domain belongs to you. See this article “what are the different types of DNS Record
– Proceed to add the TXT File or MX record to your DNS registrar for Azure AD DNS as shown below. This process might be different for your Domain.

Synchronization service scheduler

When you are done creating the TXT or MX record , click on verify as shown below. Note: Creating this TXT record for your domain verifies ownership of your domain name

configuration change

If successful, you will be notified that the verification process has been completed successfully.

synchronization error

Note: We can make this new custom domain as our primary domain. As you can see above, the option to make it a primary custom domain is grayed out. Simply click on the custom domain names once again and
– Click on the new verified domain.

AD Connect Error

Note: After you've verified your custom domain name, you can delete your verification TXT or MX file.Now you have the option to make the new custom domain the primary domain.

Synchronization service scheduler

Upon clicking to make the new custom domain your primary domain, you will be asked to confirm the change by clicking on “Yes”.

configuration change

When successfully added as the primary domain, you will get an alert that the task was successful.

When refreshed, the verified domain will be the primary domain as shown below.

Now you can download the Azure AD Connect to synchronize your on-premises to Azure Active Directory as well. You can download Microsoft Azure Active Directory Connect here. Next, I will be adding (Azure Global Administrator), deleting, and assigning permissions to users in Azure AD in the next guide.

Here are some common verification issues: If Azure AD can’t verify a custom domain name, try the following suggestions:

  • Wait at least an hour and try again. DNS records must propagate before Azure AD can verify the domain. This process can take an hour or more.
  • Make sure the DNS record is correct. Go back to the domain name registrar site. Make sure the entry is there, and that it matches the DNS entry information provided by Azure AD.
  • If you can’t update the record on the registrar site, share the entry with someone who has permission to add the entry and verify it’s correct.
  • Make sure the domain name isn’t already in use in another directory. A domain name can only be verified in one directory. If your domain name is currently verified in another directory, it can’t also be verified in the new directory. To fix this duplication problem, you must delete the domain name from the old directory. For more information about deleting domain names, see Manage custom domain names.
  • Make sure you don’t have any unmanaged Power BI tenants. If your users have activated Power BI through self-service sign-up and created an unmanaged tenant for your organization, you must take over management as an internal or external admin using PowerShell

I hope you found this blog post on custom domain name to Azure Active Directory helpful. Please let me know in the comment session if you have any questions.

Rate this post
AWS/Azure/OpenShift Tags:, , , , ,

Related Posts

More Related Articles

Screenshot 2022 03 20 at 21.08.50 How to integrate AWS CodeBuild and AWS CodeCommit to SonarCloud AWS/Azure/OpenShift
Azure Storage 1 Azure CLI: How To Upload Batch Files to Azure Storage Account AWS/Azure/OpenShift
Delete AWS EBS Volume How to delete an Elastic Block Store Volume on AWS AWS/Azure/OpenShift
EC2 How to Add and Format a New Virtual Disk to an EC2 Instance AWS/Azure/OpenShift
awscli56 Configure AWS Command Line Interface AWS/Azure/OpenShift
Azure SASE [AZURE] Security Service Edge (SSE) and Microsoft Entra ID AWS/Azure/OpenShift

Leave a Reply