Manage domains in Azure AD

Published: February 12, 2015

Updated: July 30, 2015

Applies To: Azure, Azure Active Directory, Office 365, Windows Intune

Use the following cmdlets to perform a variety of domain management tasks, including creating or removing a domain.

 

Windows PowerShell cmdlet Description

Confirm-MsolDomain

The Confirm-MsolDomain cmdlet is used to confirm ownership of a domain. In order to confirm ownership, a custom TXT DNS record must be added for the domain. The domain must first be added using the New-MsolDomain cmdlet, and then the Get-MsolDomainVerificationDNS cmdlet should be called to retrieve the details of the DNS record that must be set.Note that there may be a delay (15 to 60 minutes) between when the DNS update is made and when the cmdlet is able to confirm ownership of a domain.

Confirm-MsolEmailVerifiedDomain

Confirm-MsolEmailVerifiedDomain is used to confirm ownership of an unmanaged tenant.

Get-MsolDomain

The Get-MsolDomain cmdlet is used to retrieve company domains.

Get-MsolDomainVerificationDns

The Get-MsolDomainVerificationDns cmdlet is used to return the DNS records that need to be set to verify a domain.

New-MsolDomain

The New-MsolDomain cmdlet is used to create a new domain object. This cmdlet can be used to create a domain with managed or federated identities, although the New-MsolFederatedDomain cmdlet should be used for federated domains in order to ensure proper setup.

Remove-MsolDomain

The Remove-MsolDomain cmdlet is used to delete a domain from Azure AD. The domain being deleted must be empty; that is, there cannot be any users or groups with email addresses in this domain.

Set-MsolDomain

The Set-MsolDomain cmdlet is used to update settings for a domain. Using this cmdlet, the default domain can be changed, or the capabilities (Email, Sharepoint, OfficeCommunicationsOnline) can be changed.

Set-MsolDomainAuthentication

The Set-MsolDomainAuthentication cmdlet is used to change the domain authentication between standard identity and single sign-on. This cmdlet will only update the settings in Azure AD; typically the Convert-MsolDomainToStandard or Convert-MsolDomainToFederated should be used instead.

Get-MsolPasswordPolicy

Retrieves the current password policy for the tenant or the specified domain.

Set-MsolPasswordPolicy

Sets the values associated with the password notification window and password validity window for a specified domain or all domains in the tenant.

See Also

Show: