Forum Discussion
Adding Subdomain to Entra ID but gets set automatically as federated.
I have a customer that is trying to added a subdomain (subdomain.contoso.com) to entra id for cloud only user accounts. Curranty they have the root domain (contoso.com) syncing from onprem AD that is federated but this subdomain should not be tied back to that domain.
I have tried these scripts with only errors.
Set-MsolDomainAuthentication -DomainName subdomain.domain.edu -Authentication managed.
***********
Connect-AzureAD
New-AzureADDomain -Name subdomain.domain.edu
Connect-MgGraph -Scopes Domain.ReadWrite.All
Update-MgDomain -DomainId subdomain.domain.edu -BodyParameter @{isRoot=$true}
ERROR - Update-MgDomain : isRoot property is read-only.
***********
Any assistance with this would be appreciated.
- The authentication method is tied to the parent domain. Read here: https://www.enowsoftware.com/solutions-engine/azure-active-directory-center/using-selective-authentication-per-subdomain-in-office-365
Using the New-MsolDomain cmdlet should help here (you might have to specify -Authentication). Afaik it's not deprecated just yet, at least the corresponding support article is still up: https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/new-msoldomain-cmdle-add-subdomain- I was able to find a way to promote the subdomain with this information.
https://learn.microsoft.com/en-us/graph/api/domain-promote?view=graph-rest-1.0&tabs=http
I tried this before and this was the error I received.
Update-MgDomain : Domain operation is not allowed.
At line:1 char:1
+ Update-MgDomain -DomainId "subdomain.domain.edu" -BodyParameter @{Authen ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: ({ DomainId = re...tGraphDomain1 }:<>f__AnonymousType90`2) [Update-MgD
omain_Update1], RestException`1
+ FullyQualifiedErrorId : Request_BadRequest,Microsoft.Graph.PowerShell.Cmdlets.UpdateMgDomain_Update1As I stated this has been resolved after using the information from this link. https://learn.microsoft.com/en-us/graph/api/domain-promote?view=graph-rest-1.0&tabs=http
