Add subdomain to existing federated domain with Exchange Hybrid configured


Hi All,


Our Office 365 consists of one federated domain: Our on-premises AD domain consists of only a single forest and single domain: But our Exchange 2010 on-premises environment has two accepted domains: and Users with primary smtp domain login with UPN format. Currently if we migrate user to Exchange Online, their primary smtp domain changed to


What I understand is we need to add domain to federated domain. How should I add domain? Is it by Admin portal, add new domain? Or by Azure AD PowerShell cmdlet? If I add domain from Admin portal, somehow it gives permission to the we add on wizard user to create new Office 365 tenant.

 We would like to use two domains on the same tenant, and keep email users as is if we migrate their mailboxes.


We also need to keep all users, despite their primary smtp domain, still log on to ADFS ( using current UPN. We do not have option to add domain on our on-premises AD environment and keep email users' UPN still using


Thanks a lot for your advice.

17 Replies
You can’t federate a domain not present in AD!
You could add the domain in Office 365 then set the primary mail address in AD to correct address via the proxy addresses attribute!
I might have missed something though

I cannot add on Exchange online settings: accepted domain. It gives me direction to add the domain on tenant domain settings.
Yes! You add the domain under the admin portal -> domains! You have to have access to the DNS server of the domain also though to prove that it’s yours

All you need to do is to add the subdomain in the O365 admin center. It will automatically verify it and it will also automatically inherit the authentication settings of the primary domain. PowerShell should work just fine as well.


This part I don't understand though, can you clarify?

If I add domain from Admin portal, somehow it gives permission to the we add on wizard user to create new Office 365 tenant.

Vasil is absolutely correct here! No verification needed because it’s a sub domain

Attached is the screenshot after the step of "become the admin" subdomain I click okay, I've added the record, then it seems like new tenant and new admin for subdomain.png


Or should I just run this on PowerShell Azure AD module?:


prompt for domainname:


What is your question?
What are you trying to accomplish?

We want to add subdomain and currently we already have federated our domain. If we add from admin center > setup > domains > add domain, it requests email address of to complete. Furthermore, if I click okay, I've added txt record, it redirects to create new tenant as screenshot I attached.


Is it the right way to add a subdomain of an existing federated domain? Or can I just add the subdomain using Azure AD PowerShell?

Who is managing your DNS or your domain? Is it Microsoft or somewhere else?

We use third party domain hosting. We can send request to them to add txt record as we have done for domain.

Can’t see any reference to creating a new tenant on your screenshot?
Is the subdomain listed under domains?
Furthermore you have to edit the DNS for the subdomain to include the records necessary for the services you will use it for!
You can check your records if you click the domain in Office 365 (same place where you hopefully added it)
When everything is set you can federate it with your PowerShell cmdlet

Sorry, forgot to explain. It displays user logged on to with Admin center shortcut icon displayed. I assumed new tenant for subdomain created as test4 has Admin center shortcut icon.

We have added txt record for subdomain. And until now, the subdomain is still not displayed on Admin center > setup > domains of tenant hosting

hmm..the domain should be visible! And a new tenant should definitely not be created! It's been awhile since I added a subdomain but basically it should be as usual when adding a domain! 

@Juan Carlos González Martín @Chris Webb @Vasil Michev

Best Response confirmed by ridfahri-04 (Occasional Contributor)

That seems like another stupid limitation of the "add domain" wizard, just use PowerShell (New-MsolDomain). Although I just tested it in one of my test tenants and I was able to add a subdomain to a federated domain just fine via the portal. So perhaps it's something specific to your setup. Anyway, just use PowerShell:


New-MsolDomain -Name <subdomain> -Authentication Federated
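
An added example (not code from this thread): one way to script the answer above and confirm the result, assuming the MSOnline module and a tenant admin session. The function name and the contoso.example names are placeholders, and it assumes the parent is the root domain of the subdomain being added.

```powershell
# Added example. Function name and domain names are hypothetical placeholders.
# Requires the MSOnline module and a tenant admin account.
function Add-FederatedSubdomain {
    param(
        [Parameter(Mandatory)] [string] $Subdomain,    # e.g. mail.contoso.example
        [Parameter(Mandatory)] [string] $ParentDomain  # the already federated domain
    )

    # Refuse names that are not actually below the parent domain.
    if (-not $Subdomain.EndsWith(".$ParentDomain", [StringComparison]::OrdinalIgnoreCase)) {
        throw "$Subdomain is not a subdomain of $ParentDomain"
    }

    # The parent must already be verified and federated in this tenant.
    $parent = Get-MsolDomain -DomainName $ParentDomain -ErrorAction Stop
    if ($parent.Status -ne 'Verified' -or $parent.Authentication -ne 'Federated') {
        throw "$ParentDomain is $($parent.Status)/$($parent.Authentication); expected Verified/Federated"
    }

    # Add the subdomain only if the tenant does not hold it yet.
    $domain = Get-MsolDomain | Where-Object { $_.Name -eq $Subdomain }
    if (-not $domain) {
        # -ErrorAction Stop surfaces a failure here instead of continuing;
        # in this thread the name turned out to be held by another tenant.
        New-MsolDomain -Name $Subdomain -Authentication Federated -ErrorAction Stop | Out-Null
        $domain = Get-MsolDomain -DomainName $Subdomain -ErrorAction Stop
    }

    # Report what the tenant now holds so the outcome can be reviewed.
    [pscustomobject]@{
        Name           = $domain.Name
        Status         = $domain.Status
        Authentication = $domain.Authentication
        RootDomain     = $domain.RootDomain
        MatchesParent  = ($domain.Status -eq 'Verified' -and
                          $domain.Authentication -eq 'Federated' -and
                          $domain.RootDomain -eq $ParentDomain)
    }
}

Connect-MsolService
Add-FederatedSubdomain -Subdomain 'mail.contoso.example' -ParentDomain 'contoso.example'
```

If MatchesParent is False, review the Status, Authentication and RootDomain values in the output before migrating mailboxes that use the subdomain.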

I opened the case to Microsoft O365 Support. There was somebody in the company who created O365 tenant with domain. I took over the domain by using txt record verification, and then removed the domain from that tenant. I then added the subdomain from Azure AD PowerShell.

Ooh!! Alright! Glad this worked out!!