Dec 07 2018 10:04 AM
Dec 07 2018 10:04 AM
Our Office 365 is consists of one federated domain: company.com. Our onpremise AD domain consists only single-forest single-domain: company.com. But our Exchange 2010 onpremise environment has two accepted domains: company.com and coworkers.company.com. Users with primary smtp domain %@coworkers.company.com login with UPN firstname.lastname@example.org format. Currently if we migrate %@coworkers.company.com user to Exchange Online, their primary smtp domain changed to %@company.com.
What I understand is we need to add coworkers.company.com domain to federated domain. How should I add coworkers.company.com domain? Is it by Admin portal, add new domain? or by Azure AD Powershell cmdlet? If I add coworkers.company.com domain from Admin portal, somehow it give permission to the email@example.com we add on wizard user to create new Office 365 tenant.
We would like to use two domains on the same tenant, and keep %@coworkers.company.com email users as is if we migrate their mailboxes.
We also need to keep all users , despite their primary smtp domain, still logon on to ADFS (adfs.company.com) using current UPN. We do not have option to add domain coworkers.company.com on our onpremise AD environment and keep %@coworkers.company.com email users' UPN still using firstname.lastname@example.org.
Thanks a lot for your advice.
Dec 07 2018 10:17 AM
Dec 07 2018 03:38 PM
Dec 07 2018 03:58 PM
Dec 08 2018 07:11 AM
All you need to do is to add the subdomain in the O365 admin center. It will automatically verify it and it will also automatically inherit the authentication settings of the primary domain. PowerShell should work just fine as well.
This part I don't understand though, can you clarify?
If I add coworkers.company.com domain from Admin portal, somehow it give permission to the email@example.com we add on wizard user to create new Office 365 tenant.
Dec 08 2018 07:36 AM
Dec 09 2018 03:51 PM
Attached is the screenshot after the step of "become the admin" subdomain coworkers.company.com. I click okay, i've added the record, then it seems like new tenant and new admin for firstname.lastname@example.org.
or shoud I just run this on powershell azure AD module?:
prompt for domainname: coworkers.company.com
Dec 09 2018 09:44 PM
Dec 09 2018 10:46 PM
We want to add subdomain coworkers.company.com and currently we already have federated our company.com domain. If we add coworkers.company.com from admin center > setup > domains > add domain, it requests email address of @coworkers.company.com to complete. Furthermore, if I click okay, I've added txt record, it redirect email@example.com to create new tenant as screenshot I attached.
Does it the right way to add subdomain of existing federated domain? Or I can just add subdomain using Azure AD powershell?
Dec 09 2018 11:11 PM
Dec 09 2018 11:17 PM
We use third party domain hosting. We can send request to them to add txt record as we have done for company.com domain.
Dec 09 2018 11:24 PM
Dec 09 2018 11:52 PM
Sorry, forgot to explain. It display user firstname.lastname@example.org logged on to office.com with Admin center shortcut icon displayed. I assumed new tenant for coworkers.company.com subdomain created as test4 has Adminc center shortcut icon.
We have added txt record for coworkers.company.com subdomain. And until now, the subdomain still not displayed on Admin center > setup > domains of tenant hosting company.com.
Dec 10 2018 06:09 AM - edited Dec 10 2018 06:10 AM
Dec 10 2018 09:47 AMSolution
That seems like another stupid limitation of the "add domain" wizard, just use PowerShell (New-MsolDomain). Although I just tested it in one of my test tenants and I was able to add a subdomain to a federated domain just fine via the portal. So perhaps it's something specific to your setup. Anyway, just use PowerShell:
New-MsolDomain -Name sub2.domain.com -Authentication federated
Dec 13 2018 03:03 PM
I opened the case to Microsoft O365 Support. There was somebody in the company who created O365 tenant with coworkers.company.com domain. I took over the domain by using txt record verification, and then remove the coworkers.company.com domain from that tenant. I then add subdomain coworkers.company.com from Azure AD PowerShell.