Work with domain names and DNS records in Azure AD

Updated: September 10, 2015

Applies To: Azure, Windows Intune

Important

Please bear with us as we migrate this and other content to the Microsoft Azure website. This topic is no longer being updated and might become out of date. Please bookmark the updated Azure article on this subject, Add your own domain name to Azure AD.

When your organization signs up for Azure AD, you’re given an initial domain name that looks like the following: contoso.onmicrosoft.com. In this example, ‘contoso’ is the name that you chose when you signed up. As a global administrator, you can add your own domain names for your organization to use with the services as well, or remove domains that you’ve added previously.

Note

This topic provides online help content for cloud services, such as Microsoft Intune and Office 365, which rely on Microsoft Azure Active Directory for identity and directory services.

What do you want to do?

  • About your onmicrosoft.com domain

  • Use your own domain

  • About domain status

  • Change your primary domain name for new users

  • Remove a domain name

About your onmicrosoft.com domain

You can use your Azure AD domains with other services. For example, you can use the domains with Exchange Online and Lync Online to create distribution lists and sign-in accounts so users can access SharePoint Online and site collections.

Tip

Using Office 365? You cannot, however, host SharePoint Online on a onmicrosoft.com domain. SharePoint Online can only be hosted on your SharePoint domain, such as contoso.sharepoint.com, or with a custom domain, such as www.contoso.com, that you add to the cloud service.

If you add your own domain names to your tenant, you can continue to use your onmicrosoft.com domain.

Note

After you choose the name to use with the cloud service during signup, such as contoso.onmicrosoft.com, you cannot change the name.

Use your own domain

If you want your hosted email or other services to use a domain name that you own rather than the one that you were given at signup, you can add the domain name to Azure AD. After you add the domain and it has been verified that you own it, you can set up email, create accounts with the domain name, create groups that include the domain name, and use the domain name for your SharePoint Online hosted website by changing DNS records at your DNS hosting provider. For more information, see Add your custom domain to Azure AD.

Important

  • You must own a domain name before you can add it. If you don’t yet own the domain name that you want to add, register the domain by using a domain registrar. For more information, see Internet domain management in Azure AD.

  • You cannot add domains that you’re already using in another tenant. For more information, see Add your custom domain to Azure AD.

  • Before you can verify a domain that you’ve added, you must have the sign-in credentials for your domain registrar or DNS hosting provider, unless the name server for your domain is on premises. If you don’t remember where your DNS records are hosted, see Locate your domain services.

Tip

Using Office 365? If your organization is already using your Internet domain name to send and receive email, and you want to use that domain with Exchange Online, there are several ways for you to start using your domain name with Exchange Online. For example, you can set up Exchange Online to coexist with your current email management system. Another option is to migrate your current email system to use Exchange Online. For more information about setting up and using email with your domain name, see Exchange Hybrid Deployment and Migration with Office 365.

Note

If you plan to use single sign-on with the cloud service, we recommend that you help prepare your Active Directory environment by running the Microsoft Deployment Readiness Tool. This tool inspects your Active Directory environment and provides a report that includes information about whether you are ready to set up single sign-on. If not, it lists the changes you need to make to prepare for single sign-on. For example, it inspects whether your users have UPNs and if those UPNs are in the correct format. To download the tool, see Microsoft Deployment Readiness Tool.

About domain status

On the Domains page, you can view the status of each of your domain names in the cloud service. The following table lists the status options for domains.

Status Definition

Click to verify domain

The domain has been added to your account, but the cloud service has not yet verified that you own the domain. You cannot use the domain with any of the services until verification is complete. Click the status to go verify your domain, or for more information about verification, see Add your custom domain to Azure AD.

Active

The initial onmicrosoft.com domain that is created when you open your account has this status.

Verified

The domain has been successfully added and the cloud service has verified that you own it.

Pending deletion

The cloud service has started removing the domain, but the removal process isn’t complete, or there is an issue with removing the domain. For more information, see the section later in this article: Remove a domain name.

If your domain status is Verified but you still aren’t receiving email on the domain in the cloud service, try troubleshooting the problem. For more information, see Troubleshoot issues after changing your domain name in Azure AD.

Change your primary domain name for new users

After you add your domain name to Azure AD, you can change the domain name that should show as the default when you create a new user account. To do this, follow these steps.

  1. On the portal page, in the top left corner, click your organization name.

  2. Click Edit.

  3. Choose a new default domain name, such as the custom domain name that you added.

Remove a domain name

Before you remove a domain name, we recommend that you read the following information:

  • The original contoso.onmicrosoft.com domain name that was provided for your tenant when you signed up cannot be removed from your tenant.

  • Any top-level domains that have subdomains associated with it cannot be removed until the subdomains have first been removed. For example, you can’t remove adatum.com if you have corp.adatum.com or another subdomain that use the top-level domain name. For more information, see this Support article.

  • Have you activated directory synchronization? If so, a domain was automatically added to your account that looks similar to this: contoso.mail.onmicrosoft.com. This domain name can’t be removed.

  • Before you can remove a domain name, you must first remove the domain name from all user or email accounts associated with the domain. You can remove all of the accounts, or you can bulk edit user accounts to change their domain name information and email addresses. For more information, see Create or edit users in Azure AD.

  • If you are hosting a SharePoint Online site on a domain name that is being used for a SharePoint Online site collection, you must delete the site collection before you can remove the domain name.

To remove a domain name, follow these steps.

  1. On the portal page, in the left pane, click Domains.

  2. On the Domains page, select the domain name that you want to remove, and then click Remove domain.

  3. On the Remove domain page, click Yes.

If your domain name can’t be removed at this time, the status for the domain name is shown as Pending removal on the Domains page. If you continue to see this status, try again to remove the domain name.