Not Able to enable DKIM in Office365 - Online Exchange server

Copper Contributor

I have been trying to enable DKIM on office365 since a couple of days. I have entered all the require CNAME entry in the DNS. But when I try to run the below command via Powershell 


Ran Powershell as an administrator then ran the following command 

Set-ExecutionPolicy RemoteSigned
(kindly select yes to all option if asked)
$UserCredential = Get-Credential
(enter your Global admin account)
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session

Once connected to Exchange online ran the below command

Set-DkimSigningConfig -Identity "MYDOMAIN" -Enabled $true

I am getting an below error saying 


The operation couldn't be performed because object 'MYDOMAIN' couldn't be found on 'MAXPR01A05DC004.INDPR01A005.PROD.OUTLOOK.COM'.


Can someone help me here 

8 Replies

Hey @Sumesh1980 ,


Run Get-Accepteddomain from exchange powershell, check if you are able to see the domain listed here.

Verify exchange services are selected while adding the domain, step 5 in the following article :


If you don't see the domain listed in get-accepteddomain , and the services are selected that would mean a sync did not happen AADS and EXO; you will have to get a ticket going with MS to run the sync.  Also, check if you are able to set the domain as SMTP for one of the users and try sending out a test email.



@harveer singh 

Get-Accepteddomain is showing my domain. And also I am able to send emails that were configured on my mobile. 


best response confirmed by Sumesh1980 (Copper Contributor)

Hey @Sumesh1980 ,


Okay, Just tested it, it appears you did not run the command :

New-DkimSigningConfig -DomainName <domain> -Enabled $false before updating the CNAME records.


So here are the steps that you need to complete in order to get this working:

1. New-DkimSigningConfig -DomainName <domain> -Enabled $false
2. Get-DkimSigningConfig -Identity <domain> | Format-List Selector1CNAME, Selector2CNAME


Grab the CNAMES and update them in DNS.

Then run the command:

Set-DkimSigningConfig -Identity <domain> -Enabled $true


After running the command in Step 1, it should not give you the domain not found error.



@harveer singh 



Tried adding the CNAME as suggested by you
Set-DkimSigningConfig -Identity <domain> | Format-List Selector1CNAME, Selector2CNAME
CNAME format was same as below
Host name:selector1._domainkey
Points to address or value:    selector1-<domainGUID>._domainkey.<initialDomain>
Host name: selector2._domainkey
Points to address or value: selector2-<domainGUID>._domainkey.<initialDomain>
TTL: 3600
But I am getting error as below
CNAME record does not exist for this config. Please publish the following two CNAME records first.
    + CategoryInfo          : InvalidOperation: (:) [Set-DkimSigningConfig], Exception
    + FullyQualifiedErrorId : [Server=BMXPR01MB2423,RequestId=7a956dda-cf6e-4c60-b2b3-a50ac94264f0,TimeStamp=8/22/2020
    7:49:41 PM] [FailureCategory=Cmdlet-Exception] 3BEB77E9,Microsoft.Exchange.Management.SystemConfigurationTasks.Se
    + PSComputerName        :
Does it take time to CNAME to propogate it internet ?




It depends on the DNS you are using and there may be a delay but most of the times it is not actually the DNS rather incorrectly updated records. The common mistake is to end up updating domain name twice like for example : is updated as the CNAME instead of simply 

Please follow instructions related to your DNS provider only to update the records. See this case in older post:



@harveer singhHey thanks for helping me here. I was able to fix the issue.


Thanks Buddy

Thanks! Solved my problem!
Great. It solve my issue