ridfahri-04
Dec 07, 2018 (Copper Contributor)
Add subdomain to existing federated domain with Exhange Hybrid configured
Hi All,
Our Office 365 tenant consists of one federated domain: company.com. Our on-premises AD consists of only a single forest with a single domain: company.com. But our on-premises Exchange 2010 environment has two accepted domains: company.com and coworkers.company.com. Users with the primary SMTP domain %@coworkers.company.com log in with a UPN in the co.user@company.com format. Currently, if we migrate a %@coworkers.company.com user to Exchange Online, their primary SMTP domain is changed to %@company.com.
What I understand is that we need to add the coworkers.company.com domain to the federated domain. How should I add the coworkers.company.com domain? Through the Admin portal ("add new domain"), or through an Azure AD PowerShell cmdlet? If I add the coworkers.company.com domain from the Admin portal, somehow it gives the user@coworkers.company.com user we add in the wizard permission to create a new Office 365 tenant.
We would like to use two domains on the same tenant, and keep the %@coworkers.company.com email users as they are if we migrate their mailboxes.
We also need all users, regardless of their primary SMTP domain, to still log on to ADFS (adfs.company.com) using their current UPN. We do not have the option to add the domain coworkers.company.com to our on-premises AD environment and keep the %@coworkers.company.com email users' UPN as co.user@company.com.
Thanks a lot for your advice.
That seems like another stupid limitation of the "add domain" wizard, just use PowerShell (New-MsolDomain). Although I just tested it in one of my test tenants and I was able to add a subdomain to a federated domain just fine via the portal. So perhaps it's something specific to your setup. Anyway, just use PowerShell:
New-MsolDomain -Name sub2.domain.com -Authentication federated
All you need to do is to add the subdomain in the O365 admin center. It will automatically verify it and it will also automatically inherit the authentication settings of the primary domain. PowerShell should work just fine as well.
This part I don't understand though, can you clarify?
If I add the coworkers.company.com domain from the Admin portal, somehow it gives the user@coworkers.company.com user we add in the wizard permission to create a new Office 365 tenant.
- ridfahri-04 (Copper Contributor)
Attached is the screenshot after the "become the admin" step for the subdomain coworkers.company.com. I clicked OK, I've added the record, and then it seems like a new tenant and a new admin for user@coworkers.company.com.
Or should I just run this in the Azure AD PowerShell module?:
New-MsolFederatedDomain
prompt for domainname: coworkers.company.com
- Hi!
What is your question?
What are you trying to accomplish?
- Vasil is absolutely correct here! No verification needed because it’s a sub domain
- Hi!
You can’t federate a domain not present in ad!
You could add the domain coworker.domain.com in office 365 then set the primary mail address in AD to correct address via the proxy addresses attribute!
I might have missed something though
Adam
- ridfahri-04 (Copper Contributor)
I cannot add coworkers.company.com in the Exchange Online settings under accepted domains. It directs me to add the domain in the tenant domain settings.
- Yes! You add the domain under the admin portal -> Domains! You also have to have access to the DNS server of the domain, though, to prove that it's yours.
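The PowerShell route suggested above (New-MsolDomain with the parent's authentication type) as an added example; this is not code from any of the posters. It assumes the MSOnline module is installed and Connect-MsolService has already been run with a Global Administrator account, and it uses the thread's own domain names as placeholders. It checks that the parent domain is verified and federated before adding the child, so the subdomain cannot end up with a different authentication type than the one users sign in with, then reports the resulting status.

```powershell
# Added example, not from the thread. Requires the MSOnline module and an
# existing Connect-MsolService session. Domain names are placeholders.
$ParentDomain = 'company.com'
$SubDomain    = 'coworkers.company.com'

# 1. The parent must be verified and federated, otherwise the subdomain would
#    inherit the wrong authentication type (or fail to be added at all).
$parent = Get-MsolDomain -DomainName $ParentDomain
if ($parent.Status -ne 'Verified') {
    throw "$ParentDomain is not verified in this tenant"
}
if ($parent.Authentication -ne 'Federated') {
    throw "$ParentDomain is $($parent.Authentication), not Federated; users would not sign in via ADFS"
}

# 2. Add the subdomain only if it is not already present, with the same
#    authentication type as its parent. A child of a verified domain is
#    verified automatically, so no extra TXT/MX record is required.
$existing = Get-MsolDomain -DomainName $SubDomain -ErrorAction SilentlyContinue
if (-not $existing) {
    New-MsolDomain -Name $SubDomain -Authentication $parent.Authentication
}

# 3. Re-read the domain and show the fields that matter: Status should be
#    Verified, Authentication should match the parent, RootDomain should be
#    the parent name. Anything else means the portal wizard or a previous
#    attempt left the domain in an unexpected state.
Get-MsolDomain -DomainName $SubDomain |
    Select-Object Name, Status, Authentication, RootDomain
```

Run this before migrating any %@coworkers.company.com mailbox; once the subdomain shows as Verified and Federated, Exchange Online lists it as an accepted domain and the users' proxy addresses from on-premises AD are preserved during the move.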