SharePoint Online, Vanity Domain, PowerShell, CSOM and the MSOID cname record


You are using PowerShell plus CSOM to automate some scenarios managing content stored in SharePoint Online Lists, Libraries and more. To authenticate your PowerShell session, you may use SharePointOnlineCredentials. Additionally you configured your Tenant to use your vanity domain, like contoso.com instead of contoso.onmicrosoft.com or contoso.onmicrosoft.de or also other sovereign clouds we have.

During the configuration steps as Tenant Admin, you may saw:

image

In case you said “I’ll manage my own DNS records”, the rest of this post might be interesting. Winking smile

MSOID record, why? https://support.office.com/en-us/article/What-s-the-purpose-of-the-Office-365-CNAME-record-for-msoid-19b67e2b-1b28-4432-8cca-394803fbdc87

Let me add some copied text, so that others can find it as well:

Technical details: When you run a client application that works with Office 365 such as Skype for Business Online, Outlook, Windows PowerShell or Microsoft Azure Active Directory Sync tool, your credentials must be authenticated. Office 365 uses a CNAME record to point to the correct authentication endpoint for your location, which ensures rapid authentication response times.

For the international clouds the authentication will be faster, because when the client cannot find the MSOID.contoso.com, it will failback to login.microsoftonline.com, that works, but is slower. For all other sovereign clouds this entry is mandatory, otherwise your login may not work.

The right cname record for our international clouds is documented here: https://support.office.com/en-us/article/Create-DNS-records-at-any-DNS-hosting-provider-for-Office-365-7b7b075d-79f9-4e37-8a9e-fb60c1d95166

For the Microsoft Cloud Germany we tested successful with CNAME for msoid.contoso.com = login.microsoftonline.de.

Having that configured, the following PowerShell code may work:

################################################################################################

# THIS CODE-SAMPLE IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED

# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR

# FITNESS FOR A PARTICULAR PURPOSE.

#

# This sample is not supported under any Microsoft standard support program or service.

# The script is provided AS IS without warranty of any kind. Microsoft further disclaims all

# implied warranties including, without limitation, any implied warranties of merchantability

# or of fitness for a particular purpose. The entire risk arising out of the use or performance

# of the sample and documentation remains with you. In no event shall Microsoft, its authors,

# or anyone else involved in the creation, production, or delivery of the script be liable for

# any damages whatsoever (including, without limitation, damages for loss of business profits,

# business interruption, loss of business information, or other pecuniary loss) arising out of

# the use of or inability to use the sample or documentation, even if Microsoft has been advised

# of the possibility of such damages.

################################################################################################

 

##

## Testing login to sovereign clouds

##

##

 

[System.Reflection.Assembly]::LoadFile("C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.SharePoint.Client.dll") | Out-Null

 

[System.Reflection.Assembly]::LoadFile("C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell\Microsoft.SharePoint.Client.Runtime.dll") | Out-Null

 

 

$username = "UserName@contoso.com"

$password = "MyOwnSecretPassword"

$url = "https://contoso.sharepoint.de"

 

 

$securePassword = ConvertTo-SecureString $Password -AsPlainText -Force

 

# connect/authenticate to SharePoint Online and get ClientContext object..

$clientContext = New-Object Microsoft.SharePoint.Client.ClientContext($url)

$credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($username, $securePassword)

$clientContext.Credentials = $credentials

 

 

if (!$clientContext.ServerObjectIsNull.Value)

{

    Write-Host "Connected to SharePoint Online site: '$Url'" -ForegroundColor Green

}

 

$rootWeb = $clientContext.Web

$childWebs = $rootWeb.Webs

$clientContext.Load($rootWeb)

$clientContext.Load($childWebs)

$clientContext.ExecuteQuery()

 

function processWeb($web)

{

    $lists = $web.Lists

    $clientContext.Load($web)

    $clientContext.ExecuteQuery()

    Write-Host "Web URL is" $web.Url

}

 

foreach ($childWeb in $childWebs)

{

    processWeb($childWeb)

}

 

 

Other resources:

https://msdn.microsoft.com/en-us/pnp_articles/extending-sharepoint-online-for-germany-china-usgovernment-environments

Comments (0)

Skip to main content