The following forum(s) have migrated to Microsoft Q&A (Preview): Azure Active Directory!
Visit Microsoft Q&A (Preview) to post new questions.

Learn More

 locked
Exchange online domain verification error RRS feed

  • Question

  • I started this question in the Exchange Online Forum and it was suggested that I ask the question here. 

    You cannot vote on your own post
    0
    I have two active directory domains (C1.com and C2.com) in separate locations that are not in the same forest. C1.com and C2.com are synced to separate Azure subscriptions using Azure AD Connect. I use the C2.com domain for user authentication in that Azure subscription and for website addresses. The two subscriptions have different owners in Azure.

    I have a single on premises Exchange server in C1.com that accepts e-mail for C2.com as an alias to users. (me@C1.com has a secondary e-mail address of me@C2.com). There are also a couple of "e-mail only" domains (no AD) that are used as aliases. This works fine and has for many years.

    I now want to migrate my Exchange server to Office 365 E3. I logged on to the Office365 portal and added my C1.com to my account using the txt record for verification with no problems. I also added the e-mail only domains. I have not modified the MX records yet.

    When I add the C2.com domain I get the message "We have confirmed that you own C2.com, but we cannot add it to this tenant at this time. The domain is already added to a different Office 365 tenant: UserC2onmicrosoft.com."

    All I need is the ability to have the same exchange online server accept e-mail into Office365 from C1.com and C2.com. I don't really care about the C2.com AD users in Office365 since the C1.com users have email address for both domains. I saw this article https://docs.microsoft.com/en-us/azure/billing/billing-subscription-transfer, but I am not sure if it will accomplish what I want. Would putting both subscriptions under the same owner (and keeping the subscriptions separate) resolve this issue? If not, are there any other suggestions?

    Thanks in advance for any help and advice.


    Eric Logsdon Cooperative Technologies, Inc.

    Tuesday, January 29, 2019 2:28 PM

All replies

  • Each custom domain can only be used in one Azure AD tenant and you can’t add the same domain to multiple Windows Azure AD tenants. In general, if you delete a domain in a Azure directory, then you can add it to another Windows AD Tenant.

    From what it looks like, it maybe that the domain could have been verified with a shadow tenant. If that being the case, you can follow the documentation to Admin Force takeover the shadow tenant. Once done, you can remove the domain that was verified there and then re-verify the domain to your intended domain
    Thursday, January 31, 2019 10:47 AM
    Moderator
  • Neelesh,

    Thanks for your response. I want to make sure I understand before I start "doing things" so I don't break anything. 

    I set up c1.com using the Microsoft ID user1@c1.com to create the account and subscription. The Windows AD c1.com is "synced" with Azure AD using AADConnect. The default directory for this subscription is c1.com. user1@c1.com is listed as a user in AAD c1.com as a Microsoft Account. In addition the c1.com domain has been verified for use in web server addresses.

    I set up c2.com using the Microsoft Account user2@c1.com to create the account and subscription. The Windows AD c2.com is "synced" with Azure Ad using AADConnect. The default directory for this subscription is user2c2.onmicrosoft.com. user2@c1.com is listed in user2c1.onmicrosoft.com as a Microsoft account. In addition the c2.com domain has been verified for use in web server addresses.

    user3@c1.com was used to set up the office365 account. Domain c1.com was verified to be used by Exchange Online. Trying to verify c2.com to be used by Exchange online in the same Office365 receives the error "We have confirmed that you own C2.com, but we cannot add it to this tenant at this time. The domain is already added to a different Office 365 tenant: UserC2onmicrosoft.com."

    From what I've read, I'm not sure if I have a shadow tenant. (You are more knowledgeable than me, I am trying to understand.) If the subscriptions for c1 and c2 were put under the same account ownership (as in https://docs.microsoft.com/en-us/azure/billing/billing-subscription-transfer) and kept as separate subscriptions for our internal purposes, would that help any?

    The end result of what I am trying to accomplish is to log onto my e-mail and see e-mail for me@c2.com and me@c2.com in my inbox as I do now. 


    Eric Logsdon Cooperative Technologies, Inc.

    Friday, February 1, 2019 8:07 PM