The following forum(s) have migrated to Microsoft Q&A (Preview): Azure Active Directory!
Visit Microsoft Q&A (Preview) to post new questions.

Learn More

 locked
domain verification...twice... RRS feed

  • Question

  • Patience with a total newbie here please. I added our domain name to Azure, verified, all was well. NOTE HERE - we also have an O365 subscription that is NOT connected to our Azure subscription (found this out later) and also added our domain name to O365, verified and all is well.

    I’m trying to integrate our AD with Azure. Ran the connector, all the users showed up in O365 but not Azure. - this is another problem I’m going to work with MS on.  Problem now...I deleted our domain name from Azure (not a good idea, I know) and am now trying to add it back but am getting “can not verify the domain’.  I ran across this post: https://social.msdn.microsoft.com/Forums/azure/en-US/8dfae0c7-eb4e-48dd-a548-fe29a88304a0/verify-custom-domain?forum=windowsazurewebsitespreview which states you cannot add the same domain in different microsoft services AT PRESENT.  Is this still true? If so, it states to remove and update the DNS records to be able to use in Azure. Is the person saying the txt record for the O365 verification needs to be removed? And would the first Azure txt record need to be removed also?
    Friday, October 30, 2015 4:14 PM

All replies

  • I'm not sure how you were able to verify the same internet DNS domain name with multiple Office 365 tenants. It is my understanding that this is not possible, so maybe there is a miscommunication somewhere.

    You don't have to delete the DNS records, but you should note, they aren't needed after the domain is verified, so I'd clean them up anyway.

    I'm not sure what Azure record you're talking about. Every Office 365 tenant comes with an Azure AD element with a default subscription, so these are really one and the same.


    Mike Crowley | MVP
    My Blog -- Baseline Technologies

    Friday, October 30, 2015 4:19 PM
  • Hi,

    You should never be able to verify a vanity domain in two separate Azure AD Instances, if this happened then it definitely shouldn't have done by guess is that the vanity domain name on the Azure AD Instance your using in Microsoft Azure was added but was not in a 'verified' state.

    Anyhow, my assumption here is that you are going to want to leave the vanity domain name against the Azure AD instance that your using for Office 365. I assume your working with Microsoft Support at the moment, when they go through the process with you providing it is in-line with our internal guidance I imagine the outcome is that your Azure Consumption Based Subscription will have an Account Admin in your O365 Azure AD Instance & the Default Directory will be updated to be your Office 365 Azure AD Instance. to which, you shouldn't then need to want to add your vanity domain name to the Azure AD Instance you was using in Microsoft Azure and effectively that Azure AD Instance will become redundant and won't be required going forward.

    If you drop me a mail to AzureADAssist [at] microsoft.[com] and include your current Support Service Incident Number I will check it out and make sure things are on track and offer any guidance if required to ensure this gets squared away for you correctly.

    Thanks,

    James.

    P.S. for future reference, you don't really need to clean up any old TXT records the only requirement is that the one that the verification record that is being asked of during a verification cycle is added to public DNS and can be looked up.


    Senior Escalation Engineer | Azure AD Identity & Access Management

    Saturday, October 31, 2015 1:07 PM