unable to verify domain name - Office 365 / Azure AD

  • Article

I just wanted to a quick article about issues that I see come up quite often where you are unable to verify a domain against a Microsoft Online Service or more specifically Azure Active Directory, Today this can be down to quite a few different issues which are generally in the following buckets {be sure to read the full article before proceeding}

The domain has already been verified against Azure AD by another IT Admin within your organization, he may have left the business and you no longer have access to the tenant.

domain_failure_RMSADHOC

In this particular scenario you will have to contact Microsoft Support for assistance and go through a domain dispute process which support engineering teams can assist you with and unblock you from verifying your domain.

but, in many cases this could just be down to one of the following reasons and the good news is you can get things moving forward all by yourself so I hope that this will help!

If you portal UI allows you to add the domain, provides you with a record to enter in to Public DNS but then fails to verify then it's always best for you to attempt to verification using powershell as a backup before phoning Microsoft Support for assistance. In order to do this you just need to download the Microsoft Online Sign-In Assistant and Microsoft Online PowerShell Module which can be found here: https://aka.ms/aadposh

Once you have downloaded the require components and successfully installed them go ahead and launch a powershell console

 Connect-MsolService

enter your global admin credentials {example: admin@contoso.onmicrosoft.com}

 Confirm-MsolDomain -DomainName contoso.com

If this then fails, take a sneak peak at the PowerShell MSONLINE Log Files and if you still need further guidance, ensure to attach that to the support incident as it is super helpful to the support engineering teams when investigating the problem your having. These files can be found "C:Users%username%AppDataLocalMicrosoftOffice365Powershell"

Power Bi Individual Signup

If you get the following notification:

powerbi_signup

then someone in your company has signed up for Power BI and you will first need to become and admin of that tenant that was automatically created for you. or/ if your an education establishment that a student or teacher has acquired there Office for Education eligibility and so, as the IT Admin head over to [PowerBi] https://www.powerbi.com/dashboards or [Office] https://portal.office.com/start?sku=e82ae690-a2d5-4d76-8d30-7c6e01e6022e  and enter your e-mail ID. Once you have received the e-mail click on the confirmation link and complete the fields, an account for you will be created and then you can login.

Once you have done this, you will have an option to Become an Admin by clicking this link it will provide you with a record type (TXT or MX) and a value for you to add to Public DNS. Once you have done this, head back in to the portal and verify the domain.

Once you have verified the domain this will make your account a Global Admin of that tenant, you will then be able to see the users (yourself + everyone whom signed up for PowerBI) and you will be able to then make a decision as to weather you continue using this tenant that was created for you or/ removing the domain. unfortunately if you remove the domain the individuals that signed up for PowerBi will no longer have access to there data and so be sure to check with them first before proceeding.

Office for Education have an FAQ which is worth reading which explains the process and that can be found here: https://support.office.com/en-US/Article/Office-365-Education-for-Students-FAQ-7fb1b2f9-94c2-4cbb-b01e-a6eca34261d6?ui=en-US&rs=en-US&ad=US

If you have any difficulties or are not sure on how to proceed, reach out to Microsoft Support and they will be able to assist you with this process and get you moving forward without delay! if you have any issues please feel free to reach out to me.

Another topic that comes up quite often is where IT Administrators who have signed up for Microsoft Azure attempt to verify the domain against there Azure AD. If this fails, again it is likely you fall in to one of the above scenarios! but it might also mean that you genuinely are already using a Microsoft Online Service such as Office 365, Dynamics CRM or Intune which is great! but you should have signed up to Microsoft Azure using your existing work account aka organizational account and then it would have used the same Azure AD you have for the 1st party services as mentioned. If you didn't do this don't worry there is a way you can resolve this on the assumption that you signed up to Microsoft Azure using a Microsoft Account aka Live ID.

  1. open a support incident with Microsoft and ask them to perform an Account Admin Ownership Transfer which updates you billing account admin & service admin and also changes the default directory associated to the subscription to be your existing directory.
  2. Follow the article that have written last year, although I personally would recommend you remove the MSA from the equation altogether and do it properly! :-) https://www.edutech.me.uk/microsoft/identity-and-access-management/active-directory/link-microsoft-office-365-organization-account-to-windows-azure-subscription/

My recommendation to you if your an enterprise is to always use work accounts aka organizational accounts try and avoid using Microsoft Accounts in the business and enterprise! remember a Microsoft Account is a consumer identity so you as a business do not have any control or management over the account [best practice].

I hope that helps, reach out to me if you have any issues!

Enjoy & Thank You!

James.