
Confirm-MsolDomain

Published: March 22, 2013

Updated: May 11, 2015

Applies To: Azure, Office 365, Windows Intune

Note
  • This topic provides online help content for cloud services, such as Windows Intune and Office 365, which rely on Microsoft Azure Active Directory for identity and directory services.

  • The Microsoft Azure Active Directory Module for Windows PowerShell cmdlets were previously known as the Microsoft Online Services Module for Windows PowerShell cmdlets.

This cmdlet is used to confirm ownership of a domain. In order to confirm ownership, a custom TXT or MX DNS record must be added for the domain. The domain must first be added using the New-MsolDomain cmdlet, and then the Get-MsolDomainVerificationDNS cmdlet should be called to retrieve the details of the DNS record that must be set.

Note
Note that there may be a delay (15-60 minutes) between when the DNS update is made and when the cmdlet is able to verify.

Confirm-MsolDomain -DomainName <string> [-ActiveLogOnUri <string>] [-DefaultInteractiveAuthenticationMethod <string>] [-FederationBrandName <string>] [-IssuerUri <string>] [-LogOffUri <string>] [-MetadataExchangeUri <string>] [-NextSigningCertificate <string>] [-OpenIDConnectDisoveryEndpoint <string>] [-PassiveLogOnUri <string>] [-SigningCertificate <string>] [-SupportsMFA <boolean>] [-TenantId <Guid>] [<CommonParameters>]

    -ActiveLogOnUri <string>
        A URL that specifies the end point used by active clients when 
        authenticating with domains set up for single sign-on (also known as 
        identity federation) in Microsoft Office 365.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -DomainName <string>
        The fully qualified domain name (FQDN) to verify.
        
        Required?                    true
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -DefaultInteractiveAuthenticationMethod <string>
        Specifies the default interactive authentication method in the form of 
        a valid URI. 
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -FederationBrandName <string>
        The name of the string value shown to users when signing in to Office 
        365. We recommend that customers use something that is familiar to 
        users, such as "Contoso, Inc."
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -IssuerUri <string>
        The unique identifier of the domain in the Office 365 identity 
        platform that is derived from the federation server.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -LogOffUri <string>
        The URL clients are redirected to when they sign out of Office 365.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -MetadataExchangeUri <string>
        The URL that specifies the metadata exchange end point used for 
        authentication from rich client applications such as Lync Online.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -NextSigningCertificate <string>
        The next token signing certificate that will be used to sign tokens 
        when the primary signing certificate expires.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -OpenIDConnectDisoveryEndpoint <string>
        Specifies the OpenID Connect Discovery Endpoint of a security token 
        service (STS) of a federated identity provider. 
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -PassiveLogOnUri <string>
        The URL that web-based clients will be directed to when signing in to 
        Office 365.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -SigningCertificate <string>
        The current certificate used to sign tokens passed to the Office 365 
        identity platform.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -SupportsMFA <boolean>
        Indicates if the STS supports the Wauth parameter 
        http://schemas.microsoft.com/claims/multipleauthn and can issue the 
        claim http://schemas.microsoft.com/claims/authnmethodsreferences 
        specifying multi-factor authentication has been performed. 
        
        Required?                    false
        Position?                    named
        Default value                false
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -TenantId <Guid>
        The unique ID of the tenant to perform the operation on. If this is 
        not provided, then the value will default to the tenant of the current 
        user. This parameter is only applicable to partner users.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    <CommonParameters>
        This cmdlet supports the common parameters: Verbose, Debug,
        ErrorAction, ErrorVariable, WarningAction, WarningVariable,
        OutBuffer and OutVariable. For more information, type,
        "get-help about_commonparameters".

The following command attempts to verify the domain contoso.com. In order for domain verification to succeed, the appropriate DNS records must first be set up. The list of DNS records to set up can be retrieved using the Get-MsolDomainVerificationDns cmdlet.

Confirm-MsolDomain -DomainName contoso.com

The following steps explain how to take ownership of a domain in Azure Active Directory, using Confirm-MsolDomain to confirm ownership as a final step.

  1. Connect to Azure AD by running the following cmdlets:

    import-module MSOnline
    $msolcred = get-credential
    connect-msolservice -credential $msolcred
    
    
    
  2. Specify your domain, by using the New-MsolDomain cmdlet:

    New-MsolDomain -Name <your_domain_name>
    
    
    
    For example:

    New-MsolDomain -Name contoso.com
    
  3. Then run the Get-MsolDomainVerificationDns cmdlet to create a challenge:

    Get-MsolDomainVerificationDns -DomainName <your_domain_name> -Mode DnsTxtRecord
    
    
    
    For example:

    Get-MsolDomainVerificationDns -DomainName contoso.com -Mode DnsTxtRecord
    
    
  4. Copy the value (the challenge) that is returned from this command.

    For example: MS=32DD01B82C05D27151EA9AE93C5890787F0E65D9

  5. In your public DNS namespace, create a DNS TXT record that contains the value that you copied in the previous step.

    The name for this record is the name of the parent domain, so if you create this resource record by using the DNS role from Windows Server, leave the Record name blank and just paste the value into the Text box.

  6. Run the Confirm-MsolDomain cmdlet to verify the challenge:

    Confirm-MsolDomain -DomainName <your_domain_name>
    
    
    
    For example:

    Confirm-MsolDomain -DomainName contoso.com
    

A successful challenge returns you to the prompt without an error.
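
The following added example (not part of the original topic or Microsoft's code) wraps steps 5 and 6: it waits until the challenge is actually visible in public DNS before calling Confirm-MsolDomain, then reports the domain's resulting status. It assumes steps 1 and 2 have already been run; the function name and the -Challenge, -Resolver, -MaxMinutes and -PollSeconds parameters are hypothetical.

```powershell
# Added example, not Microsoft's code. Assumes Connect-MsolService has already
# been run (step 1) and New-MsolDomain has added the domain (step 2).
function Confirm-DomainWhenTxtVisible {
    param(
        [Parameter(Mandatory)] [string] $DomainName,
        # Challenge copied in step 4 (the value that starts with "MS=").
        [Parameter(Mandatory)] [string] $Challenge,
        # Hypothetical parameter: a public resolver to query, so an internal
        # split-horizon zone cannot mask a missing public record.
        [string] $Resolver,
        [int] $MaxMinutes = 60,     # upper end of the documented 15-60 minute delay
        [int] $PollSeconds = 300
    )

    $query = @{ Name = $DomainName; Type = 'TXT'; DnsOnly = $true; ErrorAction = 'SilentlyContinue' }
    if ($Resolver) { $query.Server = $Resolver }

    $deadline = (Get-Date).AddMinutes($MaxMinutes)
    do {
        # TXT answers expose their text in the Strings property.
        $txt = @(Resolve-DnsName @query |
                 Where-Object { $_.Type -eq 'TXT' } |
                 ForEach-Object { $_.Strings })
        if ($txt -contains $Challenge) { break }
        Write-Verbose "Challenge not visible yet; retrying in $PollSeconds seconds"
        Start-Sleep -Seconds $PollSeconds
    } while ((Get-Date) -lt $deadline)

    if ($txt -notcontains $Challenge) {
        throw "TXT record '$Challenge' not found at $DomainName after $MaxMinutes minutes."
    }

    # The record is published: ask Azure AD to verify it (step 6).
    Confirm-MsolDomain -DomainName $DomainName -ErrorAction Stop

    # Report the resulting state instead of relying on the absence of an error.
    Get-MsolDomain -DomainName $DomainName | Select-Object Name, Status, Authentication
}

# Constructed usage; the challenge is the example value shown in step 4.
# Confirm-DomainWhenTxtVisible -DomainName contoso.com `
#     -Challenge 'MS=32DD01B82C05D27151EA9AE93C5890787F0E65D9' -Verbose
```

Once the domain reports as verified, the TXT record is no longer needed for this check; leaving stale verification records in a public zone discloses which services the domain has been enrolled in.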

There are several other places you can get more information and help. These include:
