Aug 22 2020 11:09 AM
I have been trying to enable DKIM on office365 since a couple of days. I have entered all the require CNAME entry in the DNS. But when I try to run the below command via Powershell
Ran Powershell as an administrator then ran the following command
Set-ExecutionPolicy RemoteSigned
(kindly select yes to all option if asked)
$UserCredential = Get-Credential
(enter your Global admin account)
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
Once connected to Exchange online ran the below command
Set-DkimSigningConfig -Identity "MYDOMAIN" -Enabled $true
I am getting an below error saying
The operation couldn't be performed because object 'MYDOMAIN' couldn't be found on 'MAXPR01A05DC004.INDPR01A005.PROD.OUTLOOK.COM'.
Can someone help me here
Aug 22 2020 11:53 AM
Hey @Sumesh1980 ,
Run Get-Accepteddomain from exchange powershell, check if you are able to see the domain listed here.
Verify exchange services are selected while adding the domain, step 5 in the following article : https://support.microsoft.com/en-us/office/connect-your-domain-to-office-365-cd74b4fa-6d34-4669-9937...
If you don't see the domain listed in get-accepteddomain , and the services are selected that would mean a sync did not happen AADS and EXO; you will have to get a ticket going with MS to run the sync. Also, check if you are able to set the domain as SMTP for one of the users and try sending out a test email.
Thanks
Aug 22 2020 12:12 PM
Get-Accepteddomain is showing my domain. And also I am able to send emails that were configured on my mobile.
Aug 22 2020 12:38 PM
SolutionHey @Sumesh1980 ,
Okay, Just tested it, it appears you did not run the command :
New-DkimSigningConfig -DomainName <domain> -Enabled $false before updating the CNAME records.
So here are the steps that you need to complete in order to get this working:
1. New-DkimSigningConfig -DomainName <domain> -Enabled $false
2. Get-DkimSigningConfig -Identity <domain> | Format-List Selector1CNAME, Selector2CNAME
Grab the CNAMES and update them in DNS.
Then run the command:
Set-DkimSigningConfig -Identity <domain> -Enabled $true
After running the command in Step 1, it should not give you the domain not found error.
Thanks
Aug 22 2020 01:41 PM
Aug 22 2020 03:43 PM
It depends on the DNS you are using and there may be a delay but most of the times it is not actually the DNS rather incorrectly updated records. The common mistake is to end up updating domain name twice like for example :
selector1._domainkey.domain.com.domain.com is updated as the CNAME instead of simply selector1._domainkey.domain.com.
Please follow instructions related to your DNS provider only to update the records. See this case in older post:
https://techcommunity.microsoft.com/t5/exchange/unable-to-activate-dkim/m-p/1540512
Thanks
Aug 22 2020 10:24 PM
Dec 31 2020 08:26 AM
Apr 27 2021 07:19 AM
Aug 22 2020 12:38 PM
SolutionHey @Sumesh1980 ,
Okay, Just tested it, it appears you did not run the command :
New-DkimSigningConfig -DomainName <domain> -Enabled $false before updating the CNAME records.
So here are the steps that you need to complete in order to get this working:
1. New-DkimSigningConfig -DomainName <domain> -Enabled $false
2. Get-DkimSigningConfig -Identity <domain> | Format-List Selector1CNAME, Selector2CNAME
Grab the CNAMES and update them in DNS.
Then run the command:
Set-DkimSigningConfig -Identity <domain> -Enabled $true
After running the command in Step 1, it should not give you the domain not found error.
Thanks