Office 365 Custom Domain Automation


Office 365 lets you add your GoDaddy domain in a three-step process that takes minutes. Using the domains setup wizard in Office 365, you'll provide the domain name you want to add to Office 365, and then the automatic process at GoDaddy makes setup fast and simple.

You can see how it works here

What if you own a domain from another domain registrar? What if you want to automate this custom domain verification through a script?

Below is a solution leveraging Azure DNS.

 

Install required software

As a prerequisite, you need to install the required software:

  • Microsoft Online Services Sign-in Assistant
  • Windows Azure Active Directory Module for Windows PowerShell
  • Azure Resource Manager DNS module

These PowerShell lines will do the work for you:
#Download and install MSOL
Invoke-WebRequest -Uri https://download.microsoft.com/download/5/0/1/5017D39B-8E29-48C8-91A8-8D0E4968E6D4/en/msoidcli_64.msi -OutFile c:\msoidcli_64.msi
Start-Process -FilePath msiexec -ArgumentList /i, c:\msoidcli_64.msi, /quiet -Wait
#Download and install Windows Azure Active Directory Module for Windows PowerShell
Invoke-WebRequest -Uri https://go.microsoft.com/fwlink/p/?linkid=236297 -OutFile c:\AdministrationConfig-en.msi
Start-Process -FilePath msiexec -ArgumentList /i, c:\AdministrationConfig-en.msi, /quiet -Wait
#Install Azure RM DNS
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
Install-Module AzureRM.Dns -Confirm:$false -Force
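
A check worth running before the silent installs above, shown as an added example that is not part of the original script: download into a per-run temp folder, verify the Authenticode signature, and only then call msiexec. The function name `Install-SignedMsi` and the expected publisher string are assumptions of this example.

```powershell
function Install-SignedMsi {
    param(
        [Parameter(Mandatory)] [string] $Uri,
        [Parameter(Mandatory)] [string] $FileName,
        # Assumption: publisher string expected in the signer certificate subject
        [string] $ExpectedPublisher = 'O=Microsoft Corporation'
    )

    # Per-run folder under the user's temp directory instead of the root of C:
    $dir = Join-Path $env:TEMP ([guid]::NewGuid().ToString())
    New-Item -ItemType Directory -Path $dir | Out-Null
    $msi = Join-Path $dir $FileName

    try {
        Invoke-WebRequest -Uri $Uri -OutFile $msi -UseBasicParsing

        # Refuse to install anything that is unsigned, tampered with, or signed by someone else
        $sig = Get-AuthenticodeSignature -FilePath $msi
        if ($sig.Status -ne 'Valid') {
            throw "Signature check failed for ${FileName}: $($sig.Status)"
        }
        if ($sig.SignerCertificate.Subject -notlike "*$ExpectedPublisher*") {
            throw "Unexpected signer for ${FileName}: $($sig.SignerCertificate.Subject)"
        }

        $p = Start-Process -FilePath msiexec -ArgumentList '/i', "`"$msi`"", '/quiet', '/norestart' -Wait -PassThru
        if ($p.ExitCode -notin 0, 3010) {   # 3010 = installed, reboot required
            throw "msiexec returned exit code $($p.ExitCode) for $FileName"
        }
    }
    finally {
        Remove-Item -Path $dir -Recurse -Force -ErrorAction SilentlyContinue
    }
}

Install-SignedMsi -Uri 'https://download.microsoft.com/download/5/0/1/5017D39B-8E29-48C8-91A8-8D0E4968E6D4/en/msoidcli_64.msi' -FileName 'msoidcli_64.msi'
Install-SignedMsi -Uri 'https://go.microsoft.com/fwlink/p/?linkid=236297' -FileName 'AdministrationConfig-en.msi'
```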

 

Connect to your tenant

Next, connect to Office 365 and to the Azure subscription that will host your DNS zone. Setting a few parameters first will help in the next steps:

#Parameters
$DomainName = "yourdomain"
$Username= "admin@xxxxxxx.onmicrosoft.com"
$Password = "O365Pass"
$AzureUsername = "admin@XXXXXX.com"
$AzurePassword = "AzurePass"
$ResourceGroupName = "MyRG"
$subscriptionName = "MySubName"

write "##################Connect to Office 365#########################"
$SecurePassword = ConvertTo-SecureString -String $Password -AsPlainText -Force
[PSCredential]$cred = New-Object PSCredential ($Username, $SecurePassword)
#Login to O365
Import-Module MSOnline
Connect-MsolService -Credential $cred

write "##################Connect to Azure##############################"
$SecurePassword = ConvertTo-SecureString -String $AzurePassword -AsPlainText -Force
[PSCredential]$cred = New-Object PSCredential ($AzureUsername, $SecurePassword)
#login to Azure
Login-AzureRmAccount -Credential $cred
Select-AzureRmSubscription -SubscriptionName $subscriptionName
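
The script above keeps both admin passwords as plaintext strings in `$Password` and `$AzurePassword`. The following added example (not the author's code) captures each credential once and stores it with `Export-Clixml`, which on Windows protects the password with DPAPI for the current user on the current machine. The function name `Get-StoredCredential`, the labels `o365` and `azure`, and the store folder are assumptions of this example.

```powershell
function Get-StoredCredential {
    param(
        [Parameter(Mandatory)] [string] $Name,       # hypothetical label: 'o365' or 'azure'
        [Parameter(Mandatory)] [string] $UserName,
        # Hypothetical folder in the current user's profile
        [string] $Store = (Join-Path $env:LOCALAPPDATA 'O365DomainAutomation')
    )

    $path = Join-Path $Store "$Name.cred.xml"

    if (-not (Test-Path -Path $path)) {
        # First run only: prompt interactively, then persist the encrypted credential
        $new = Get-Credential -UserName $UserName -Message "Password for the $Name admin account"
        if (-not $new) { throw "No credential entered for $Name" }
        New-Item -ItemType Directory -Path $Store -Force | Out-Null
        $new | Export-Clixml -Path $path
    }

    # Decryption only succeeds for the same Windows user on the same machine
    $cred = Import-Clixml -Path $path
    if (($cred -isnot [PSCredential]) -or ($cred.UserName -ne $UserName)) {
        throw "Stored credential '$Name' does not match $UserName; delete $path and run again."
    }
    return $cred
}

# Same connection steps as above, without passwords in the script file
Import-Module MSOnline
Connect-MsolService -Credential (Get-StoredCredential -Name 'o365' -UserName $Username)
Login-AzureRmAccount -Credential (Get-StoredCredential -Name 'azure' -UserName $AzureUsername)
Select-AzureRmSubscription -SubscriptionName $subscriptionName
```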

 

DNS Domain Delegation

The next step is to create an Azure DNS zone and update your domain's name servers (domain delegation):
#Create new Zone
New-AzureRmDnsZone -Name $DomainName -ResourceGroupName $ResourceGroupName -ErrorAction Continue

Azure DNS is not a name registrar service (Azure DNS does not support purchasing of domain names) but a service providing name resolution using Microsoft Azure infrastructure and enabling automation.

Therefore, after creating the Azure DNS zone, you should delegate your domain at your registrar to the Azure DNS name servers assigned to your zone. For more details around zone delegation, refer to this article.

 

Custom Domain Verification and Setup

Once the domain delegation is set up, Office 365 custom domain creation and verification is straightforward. The following PowerShell lines add the custom domain in Office 365, populate the Azure DNS zone with the TXT record needed for verification, run the verification, then create the Exchange Online DNS entries.

write "###############Add DomainName in Office 365#########################"
New-MsolDomain -Name $DomainName -ErrorAction Continue
Get-MsolDomain

write "###############Get DNS verification code############################"
$txt=Get-MsolDomainVerificationDns -DomainName $DomainName -Mode DnsTxtRecord
write $txt

write "###############create DNS record in Azure ##########################"
New-AzureRmDnsRecordSet -Name '@' -RecordType "TXT" -ZoneName $txt.Label -ResourceGroupName $ResourceGroupName -Ttl $txt.Ttl -DnsRecords (New-AzureRmDnsRecordConfig -Value $txt.Text) -Overwrite

#Wait for DNS propagation, which is very quick inside the Microsoft network
Start-Sleep 10

write "############Confirm the DomainName is verified#############"
Confirm-MsolDomain -DomainName $DomainName -ErrorAction Continue

write "############create Exchange Office 365 DNS record in Azure##########"
#Exchange Records
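#The Office 365 MX host uses the domain name with dots replaced by dashes (e.g. contoso-com.mail.protection.outlook.com)
$MX = $DomainName.Replace('.', '-') + '.mail.protection.outlook.com'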
$SPF = "v=spf1 include:spf.protection.outlook.com -all"
$Auto = "autodiscover.outlook.com"
New-AzureRmDnsRecordSet -Name '@' -RecordType "MX" -ZoneName $DomainName -ResourceGroupName $ResourceGroupName -Ttl 3600 -DnsRecords (New-AzureRmDnsRecordConfig -Exchange $MX -Preference 0) -Overwrite
New-AzureRmDnsRecordSet -Name '@' -RecordType "TXT" -ZoneName $DomainName -ResourceGroupName $ResourceGroupName -Ttl 3600 -DnsRecords (New-AzureRmDnsRecordConfig -Value $SPF) -Overwrite
New-AzureRmDnsRecordSet -Name 'autodiscover' -RecordType "CName" -ZoneName $DomainName -ResourceGroupName $ResourceGroupName -Ttl 3600 -DnsRecords (New-AzureRmDnsRecordConfig -Cname $Auto) -Overwrite
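
The fixed `Start-Sleep 10` before `Confirm-MsolDomain` assumes that delegation is already live and that the TXT record is being served. As an added example (not part of the original script), the function below checks that the public NS records point at this Azure DNS zone and then polls an authoritative server until the verification value is visible. The function name `Wait-VerificationRecord` and the timeout are assumptions; `Resolve-DnsName` comes from the Windows DnsClient module.

```powershell
function Wait-VerificationRecord {
    param(
        [Parameter(Mandatory)] [string] $DomainName,
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $ExpectedText,   # $txt.Text from Get-MsolDomainVerificationDns
        [int] $TimeoutSeconds = 120                      # assumption: adjust to your environment
    )

    $zone    = Get-AzureRmDnsZone -Name $DomainName -ResourceGroupName $ResourceGroupName
    $azureNs = @($zone.NameServers | ForEach-Object { $_.TrimEnd('.').ToLower() })

    # 1. Delegation: every NS record the resolver returns must belong to this zone
    $publicNs = @(Resolve-DnsName -Name $DomainName -Type NS -DnsOnly -ErrorAction Stop |
        Where-Object { $_.Type -eq 'NS' } |
        ForEach-Object { $_.NameHost.TrimEnd('.').ToLower() })
    $foreign = @($publicNs | Where-Object { $_ -notin $azureNs })
    if ($publicNs.Count -eq 0 -or $foreign.Count -gt 0) {
        throw "$DomainName is not delegated to this Azure DNS zone (NS found: $($publicNs -join ', '))"
    }

    # 2. Poll an authoritative Azure name server until the TXT value is served
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        $answer = Resolve-DnsName -Name $DomainName -Type TXT -Server $azureNs[0] -DnsOnly -ErrorAction SilentlyContinue
        if ($answer | Where-Object { $_.Type -eq 'TXT' -and $_.Strings -contains $ExpectedText }) {
            return $true
        }
        Start-Sleep -Seconds 5
    } while ((Get-Date) -lt $deadline)

    return $false
}

# Replaces the Start-Sleep / Confirm-MsolDomain pair in the script above
if (Wait-VerificationRecord -DomainName $DomainName -ResourceGroupName $ResourceGroupName -ExpectedText $txt.Text) {
    Confirm-MsolDomain -DomainName $DomainName -ErrorAction Stop
} else {
    Write-Warning "Verification TXT record for $DomainName not visible yet; domain left unverified."
}
```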

You can download this script from my GitHub repository, which contains more options, such as removing your custom domain to clean up your tenant.

Enjoy 🙂
