Confirm-MsolDomain

Updated: July 30, 2015

Applies To: Azure, Office 365, Windows Intune

Note



  • The cmdlets were previously known as the Microsoft Online Services Module for Windows PowerShell cmdlets.

This cmdlet is used to confirm ownership of a domain. In order to confirm ownership, a custom TXT or MX DNS record must be added for the domain. The domain must first be added using the New-MsolDomain cmdlet, and then the Get-MsolDomainVerificationDNS cmdlet should be called to retrieve the details of the DNS record that must be set.

Note

Note that there may be a delay (15-60 minutes) between when the DNS update is made and when the cmdlet is able to verify.

Syntax

Confirm-MsolDomain -DomainName <string> [-ActiveLogOnUri <string>] [-DefaultInteractiveAuthenticationMethod <string>] [-FederationBrandName <string>] [-IssuerUri <string>] [-LogOffUri <string>] [-MetadataExchangeUri <string>] [-NextSigningCertificate <string>] [-OpenIDConnectDisoveryEndpoint <string>] [-PassiveLogOnUri <string>] [-SigningCertificate <string>] [-SupportsMFA <boolean>] [-TenantId <Guid>] [<CommonParameters>]

Parameters

    -ActiveLogOnUri <string>
        A URL that specifies the end point used by active clients when 
        authenticating with domains set up for single sign-on (also known as 
        identity federation) in Microsoft Office 365.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -DomainName <string>
        The fully qualified domain name (FQDN) to verify.
        
        Required?                    true
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -DefaultInteractiveAuthenticationMethod <string>
        Specifies the default interactive authentication method in the form of 
        a valid URI. 
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -FederationBrandName <string>
        The name of the string value shown to users when signing in to Office 
        365. We recommend that customers use something that is familiar to 
        users, such as "Contoso, Inc."
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -IssuerUri <string>
        The unique identifier of the domain in the Office 365 identity 
        platform that is derived from the federation server.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -LogOffUri <string>
        The URL clients are redirected to when they sign out of Office 365.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -MetadataExchangeUri <string>
        The URL that specifies the metadata exchange end point used for 
        authentication from rich client applications such as Lync Online.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -NextSigningCertificate <string>
        The next token signing certificate that will be used to sign tokens 
        when the primary signing certificate expires.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -OpenIDConnectDisoveryEndpoint <string>
        Specifies the OpenID Connect Discovery Endpoint of a security token 
        service (STS) of a federated identity provider. 
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -PassiveLogOnUri <string>
        The URL that web-based clients will be directed to when signing in to 
        Office 365.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -SigningCertificate <string>
        The current certificate used to sign tokens passed to the Office 365 
        identity platform.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -SupportsMFA <boolean>
        Indicates if the STS supports the Wauth parameter 
        https://schemas.microsoft.com/claims/multipleauthn and can issue the 
        claim https://schemas.microsoft.com/claims/authnmethodsreferences 
        specifying multi-factor authentication has been performed. 
        
        Required?                    false
        Position?                    named
        Default value                false
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -TenantId <Guid>
        The unique ID of the tenant to perform the operation on. If this is 
        not provided, then the value will default to the tenant of the current 
        user. This parameter is only applicable to partner users.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    <CommonParameters>
        This cmdlet supports the common parameters: Verbose, Debug,
        ErrorAction, ErrorVariable, WarningAction, WarningVariable,
        OutBuffer and OutVariable. For more information, type,
        "get-help about_commonparameters".

Examples

Example 1

The following command attempts to verify the domain contoso.com. In order for domain verification to succeed, the appropriate DNS records must first be set up. The list of DNS records to set up can be retrieved using the Get-MsolDomainVerificationDns cmdlet.

Confirm-MsolDomain -DomainName contoso.com

Example 2

The following steps explain how to take ownership of a domain in Azure Active Directory, using Confirm-MsolDomain to confirm ownership as a final step.

  1. Connect to Azure AD by running the following cmdlets:

    import-module MSOnline
    $msolcred = get-credential
    connect-msolservice -credential $msolcred
    
  2. Specify your domain, by using the New-MsolDomain cmdlet:

    New-MsolDomain -Name <your-domain_name>
    

    For example:

    New-MsolDomain -Name contoso.com
    
  3. Then run the Get-MsolDomainVerificationDns cmdlet to create a challenge:

    Get-MsolDomainVerificationDns –DomainName <your_domain_name> –Mode DnsTxtRecord
    

    For example:

    Get-MsolDomainVerificationDns –DomainName contoso.com –Mode DnsTxtRecord
    
  4. Copy the value (the challenge) that is returned from this command.

    For example: MS=32DD01B82C05D27151EA9AE93C5890787F0E65D9

  5. In your public DNS namespace, create a DNS txt record that contains the value that you copied in the previous step.

    The name for this record is the name of the parent domain, so if you create this resource record by using the DNS role from Windows Server, leave the Record name blank and just paste the value into the Text box.

  6. Run the Confirm-MsolDomain cmdlet to verify the challenge:

    Confirm-MsolDomain -DomainName <your_domain_name>
    

    For example:

    Confirm-MsolDomain –DomainName contoso.com
    

A successful challenge returns you to the prompt without an error.

Additional Resources

There are several other places you can get more information and help. These include:

See Also

Other Resources

Manage Azure Active Directory by using Windows PowerShell