SOLVED

Add subdomain to existing federated domain with Exchange Hybrid configured

Copper Contributor

Hi All,

 

Our Office 365 consists of one federated domain: company.com. Our on-premises AD consists of a single forest, single domain: company.com. But our Exchange 2010 on-premises environment has two accepted domains: company.com and coworkers.company.com. Users with primary SMTP domain %@coworkers.company.com log in with a UPN in the co.user@company.com format. Currently, if we migrate a %@coworkers.company.com user to Exchange Online, their primary SMTP domain is changed to %@company.com.

 

What I understand is that we need to add the coworkers.company.com domain as a federated domain. How should I add the coworkers.company.com domain? Through the Admin portal (add new domain), or through an Azure AD PowerShell cmdlet? If I add the coworkers.company.com domain from the Admin portal, somehow it gives the user@coworkers.company.com user we add in the wizard permission to create a new Office 365 tenant.

We would like to use two domains on the same tenant, and keep %@coworkers.company.com email users as they are when we migrate their mailboxes.

 

We also need to keep all users, regardless of their primary SMTP domain, logging on to ADFS (adfs.company.com) with their current UPN. We do not have the option to add the domain coworkers.company.com to our on-premises AD environment, and %@coworkers.company.com email users' UPNs must stay as co.user@company.com.

 

Thanks a lot for your advice.

17 Replies
Hi!
You can't federate a domain not present in AD!
You could add the domain coworker.domain.com in Office 365, then set the primary mail address in AD to the correct address via the proxyAddresses attribute!
I might have missed something though

Adam
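One way to carry out Adam's suggestion (change the primary SMTP address through the proxyAddresses attribute in on-premises AD, leaving the UPN alone), as an added example that is not code from the thread or from anyone in it. It assumes the ActiveDirectory RSAT module, write access to the user object, and a constructed sample account co.user with the addresses used in the thread as placeholders.

```powershell
# Added example, not code from the thread. Assumes the ActiveDirectory RSAT module and a
# constructed sample account 'co.user'; the addresses are placeholders from the thread.
Import-Module ActiveDirectory

$sam       = 'co.user'                              # constructed sample sAMAccountName
$primary   = 'SMTP:co.user@coworkers.company.com'   # upper-case SMTP: marks the primary
$secondary = 'smtp:co.user@company.com'             # lower-case smtp: marks an alias

$user = Get-ADUser -Identity $sam -Properties proxyAddresses, mail, userPrincipalName

# Demote any existing upper-case SMTP: entry so the object never ends up with two primaries,
# and drop existing copies of the two addresses about to be set (-contains is
# case-insensitive, so 'smtp:' and 'SMTP:' variants of the same address are both removed).
$wanted = @($primary, $secondary)
$kept = @(foreach ($entry in $user.proxyAddresses) {
    $demoted = if ($entry -cmatch '^SMTP:') { 'smtp:' + $entry.Substring(5) } else { $entry }
    if ($wanted -notcontains $demoted) { $demoted }
})

$newAddresses = [string[]]($wanted + $kept)

# Sanity checks before writing: exactly one primary, and the UPN stays in company.com
# (the requirement in the thread; this script never touches the UPN).
$primaryCount = @($newAddresses | Where-Object { $_ -cmatch '^SMTP:' }).Count
if ($primaryCount -ne 1) { throw "Expected exactly one SMTP: entry, found $primaryCount" }
if ($user.UserPrincipalName -notlike '*@company.com') {
    throw "UPN $($user.UserPrincipalName) is not in company.com; refusing to continue"
}

# Write proxyAddresses and keep the mail attribute in step with the new primary.
Set-ADUser -Identity $sam -Replace @{ proxyAddresses = $newAddresses } `
           -EmailAddress ($primary.Substring(5))

# Show the result; after the next directory sync the new primary flows to Exchange Online.
Get-ADUser -Identity $sam -Properties proxyAddresses, mail, userPrincipalName |
    Select-Object UserPrincipalName, mail,
        @{ n = 'proxyAddresses'; e = { $_.proxyAddresses -join '; ' } }
```

Two caveats for a hybrid setup like the one in the thread: an Exchange email address policy will rewrite proxyAddresses on the next policy run unless the mailbox has EmailAddressPolicyEnabled set to false (the Exchange-supported route is Set-Mailbox -PrimarySmtpAddress with -EmailAddressPolicyEnabled $false rather than editing AD directly), and the change only reaches Exchange Online after a sync cycle (Start-ADSyncSyncCycle -PolicyType Delta on the Azure AD Connect server, or the scheduled run).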
I cannot add coworkers.company.com in the Exchange Online settings under accepted domains. It directs me to add the domain in the tenant domain settings.
Yes! You add the domain under the admin portal -> Domains! You also have to have access to the DNS server of the domain, to prove that it's yours

All you need to do is to add the subdomain in the O365 admin center. It will automatically verify it and it will also automatically inherit the authentication settings of the primary domain. PowerShell should work just fine as well.

 

This part I don't understand though, can you clarify?

If I add the coworkers.company.com domain from the Admin portal, somehow it gives the user@coworkers.company.com user we add in the wizard permission to create a new Office 365 tenant.

Vasil is absolutely correct here! No verification needed because it's a subdomain

Attached is the screenshot after the "become the admin" step for subdomain coworkers.company.com. I click "okay, I've added the record", then it seems like a new tenant and a new admin for user@coworkers.company.com. (attachment: add subdomain.png)

 

or should I just run this in PowerShell with the Azure AD module?:

new-msolfederateddomain

prompt for domainname: coworkers.company.com

 

Hi!
What is your question?
What are you trying to accomplish?

We want to add subdomain coworkers.company.com, and we have already federated our company.com domain. If we add coworkers.company.com from Admin center > Setup > Domains > Add domain, it requests an email address at @coworkers.company.com to complete. Furthermore, if I click "okay, I've added the TXT record", it redirects user@coworkers.company.com to create a new tenant, as in the screenshot I attached.

 

Is this the right way to add a subdomain of an existing federated domain? Or can I just add the subdomain using Azure AD PowerShell?

Who is managing your DNS or your domain? Is it Microsoft or somewhere else?

We use third-party domain hosting. We can send a request to them to add the TXT record, as we have done for the company.com domain.

Can't see any reference to creating a new tenant in your screenshot?
Is the subdomain listed under Domains?
Furthermore, you have to edit the DNS for the subdomain to include the records necessary for the services you will use it for!
You can check your records if you click the domain in Office 365 (same place where you hopefully added it)
When everything is set you can federate it with your PowerShell cmdlet

Sorry, forgot to explain. It displays user test4@coworkers.company.com logged on to office.com with the Admin center shortcut icon displayed. I assumed a new tenant for the coworkers.company.com subdomain was created, as test4 has the Admin center shortcut icon.

We have added the TXT record for the coworkers.company.com subdomain. And until now, the subdomain is still not displayed under Admin center > Setup > Domains of the tenant hosting company.com.

Hmm... the domain should be visible! And a new tenant should definitely not be created! It's been a while since I added a subdomain, but basically it should be as usual when adding a domain!

@Juan Carlos González Martín @Chris Webb @Vasil Michev

best response confirmed by ridfahri-04 (Copper Contributor)
Solution

That seems like another stupid limitation of the "add domain" wizard, just use PowerShell (New-MsolDomain). Although I just tested it in one of my test tenants and I was able to add a subdomain to a federated domain just fine via the portal. So perhaps it's something specific to your setup. Anyway, just use PowerShell:

 

New-MsolDomain -Name sub2.domain.com -Authentication federated
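The accepted answer's cmdlet wrapped in a few checks, as an added example that is not code from Vasil or the thread. It uses the MSOnline module the thread's cmdlets come from (Connect-MsolService, Get-MsolDomain, New-MsolDomain, Get-MsolDomainFederationSettings) and assumes a Global Admin session; the domain names are the thread's, and the expectation that the child's federation settings mirror the parent's is what the replies above describe, so treat that final comparison as the thing to verify rather than a guarantee.

```powershell
# Added example, not code from the thread. Assumes the MSOnline module and a Global Admin
# account; domain names are the ones used in the thread.
Import-Module MSOnline
Connect-MsolService

$parent = 'company.com'             # existing federated domain
$sub    = 'coworkers.company.com'   # subdomain to add under it

# Refuse to continue unless the parent really is federated in this tenant.
$parentDomain = Get-MsolDomain -DomainName $parent
if ($parentDomain.Authentication -ne 'Federated') {
    throw "$parent is $($parentDomain.Authentication), not Federated; nothing to inherit"
}

# Add the subdomain only if this tenant does not already list it. If the name is verified in
# a different tenant (the situation the thread ends in), New-MsolDomain fails and the domain
# has to be released from that tenant first.
$existing = Get-MsolDomain | Where-Object { $_.Name -eq $sub }
if (-not $existing) {
    New-MsolDomain -Name $sub -Authentication Federated
}

# A subdomain of a verified domain needs no TXT record of its own; confirm status and type.
Get-MsolDomain -DomainName $sub | Select-Object Name, Status, Authentication

# Federation settings of the child should match the parent's ADFS endpoints; compare them.
foreach ($name in $parent, $sub) {
    Get-MsolDomainFederationSettings -DomainName $name |
        Select-Object @{ n = 'Domain'; e = { $name } }, IssuerUri, PassiveLogOnUri, FederationBrandName
}
```

The Status column should read Verified and Authentication should read Federated for both rows; if the second Get-MsolDomainFederationSettings call returns different endpoints from the first, the child is not inheriting the parent's federation and the ADFS trust needs to be looked at before any mailboxes are moved.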

I opened a case with Microsoft O365 Support. There was somebody in the company who had created an O365 tenant with the coworkers.company.com domain. I took over the domain using TXT record verification, and then removed the coworkers.company.com domain from that tenant. I then added subdomain coworkers.company.com from Azure AD PowerShell.

Ooh!! Alright! Glad this worked out!!

Adam
