Issues with setting my bought domain as a primary one

Simon Sefcik 20 Reputation points
2024-08-28T09:43:05.0366667+00:00

Hello there,

So far, from what I read, there is no way to delete the original {number}.onmicrosoft.com primary domain assigned when the account gets created, right?

However, what I would like to do is set my verified domain as a primary one so the users I invite are already under this domain and not {number}.onmicrosoft.com.

When I go in Microsoft Entra to the Custom domain names section, I can see my bought domain verified, and the {number}.onmicrosoft.com one is set as available, or that's the status.

When I try to make my bought domain primary, I get an 'unable to make domain name primary' error notification and that's that...

How could I fix this issue?

Thanks for the help

Microsoft Entra ID

Accepted answer
  1. Akpesiri Ogbebor 300 Reputation points
    2024-08-29T10:34:13.0066667+00:00

    Hello @Simon Sefcik

    Thanks for the comment and follow-up information provided.

    A federated domain in Microsoft Entra ID is a domain configured to authenticate users using federation processes, such as Active Directory Federation Services (AD FS). All federated users must be created on-premises and synced using the Microsoft Azure Active Directory Sync Tool.

    Hence, a federated domain cannot be set as the primary domain in Azure Active Directory. The primary domain can only be a managed domain. To set a federated domain as the primary one, you must first convert it to a managed domain. However, this procedure may affect the users and services linked to the domain.

    I'd like you to please visit this link to help convert your ADFS domain to a managed domain.

    I hope this answer helps! If you have any more questions, please don't hesitate to ask.

    Reference: https://learn.microsoft.com/en-us/entra/identity/users/domains-manage

    https://answers.microsoft.com/en-us/msoffice/forum/all/is-it-possible-to-make-a-federated-domain-to/ef01521a-b89d-46c9-90e7-2f181c6790cf

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


3 additional answers

  1. Akpesiri Ogbebor 300 Reputation points
    2024-08-28T12:56:55.7033333+00:00

    Hi @Simon Sefcik

    I understand you’re experiencing difficulties configuring your custom domain as the primary domain in Microsoft Entra ID.

    Since the Domain has been verified on Azure, I suggest you log out and try again after a few hours. This resolved similar issues here.

    If you experience similar issues after trying again, please don't hesitate to contact me for help.

    Thanks

    Siri


  2. Sandeep G-MSFT 19,021 Reputation points Microsoft Employee
    2024-08-29T05:41:13.48+00:00

    @Simon Sefcik

    Thank you for posting this in Microsoft Q&A.

    I understand you are getting an error while trying to set your custom verified domain as primary.

    As I see your comments above, you have a verified domain in Entra ID which is federated.

    Type: Custom
    Status: Verified
    Federated: Yes
    Primary domain: No

    A federated domain cannot be set as the primary domain in Azure Active Directory. The primary domain can only be a managed domain. If you wish to set a federated domain as the primary one, you will first need to convert it to a managed domain. However, this procedure may have an effect on the users and services linked to the domain.

    This is because it is not supported unless using an IDP server on-prem for the custom domain name; the initial domain name associated with the tenant is the domain name that is set as default for the directory, such as "contoso.onmicrosoft.com" instead of the custom verified domain name of "contoso.com". The AuthenticationType of Federated does not allow you to set the federated domain as the primary domain; it needs to be a domain name where the AuthenticationType is set to Managed.

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


  3. Simon Sefcik 20 Reputation points
    2024-08-29T14:36:17.6733333+00:00

    I ran these commands

    1. Connect-MgGraph -Scopes "Directory.ReadWrite.All", "Domain.ReadWrite.All", "Domain.ReadWrite.All", "Directory.AccessAsUser.All", "User.ReadWrite.All"
    2. $InternalDomainFederationId = (Get-MgDomainFederationConfiguration -DomainId $domain).id
    3. Update-MgDomain -DomainId $domain -AuthenticationType "Managed"
    4. Get-MgDomain -DomainId $domain   # just as a sanity check

    And it worked and I have a new primary domain! Thanks for the help.

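The sequence the answers describe (check the domain's authentication type, convert a federated domain to managed, then make it primary), put together as one guarded script. This is an added example, not part of the original thread; it assumes the Microsoft.Graph PowerShell module is installed, and the domain name and backup file path are placeholders.

```powershell
# Added example: convert a verified federated domain to managed, then set it as primary.
# Placeholders (assumptions): 'contoso.com' stands in for your custom domain,
# and $backupPath is any location you can write to.
$ErrorActionPreference = 'Stop'
$domain     = 'contoso.com'
$backupPath = ".\$domain-federation-backup.json"

Connect-MgGraph -Scopes 'Domain.ReadWrite.All', 'Directory.AccessAsUser.All'

# 1. Inspect the current state before changing anything.
$d = Get-MgDomain -DomainId $domain
if (-not $d.IsVerified) {
    throw "$domain is not verified, so it cannot be made the primary domain."
}

# 2. A federated domain cannot be primary; convert it to managed first.
if ($d.AuthenticationType -eq 'Federated') {
    # Record the existing federation settings so the previous sign-in
    # configuration is documented before the change.
    Get-MgDomainFederationConfiguration -DomainId $domain |
        ConvertTo-Json -Depth 5 |
        Set-Content -Path $backupPath

    # As the answers note, this step may affect the users and services
    # linked to the domain, so schedule it accordingly.
    Update-MgDomain -DomainId $domain -AuthenticationType 'Managed'
    $d = Get-MgDomain -DomainId $domain
}

if ($d.AuthenticationType -ne 'Managed') {
    throw "$domain is still '$($d.AuthenticationType)'; not setting it as primary."
}

# 3. Make the managed domain the default (primary) domain for the tenant.
if (-not $d.IsDefault) {
    Update-MgDomain -DomainId $domain -BodyParameter @{ isDefault = $true }
}

# 4. Sanity check: exactly one domain should now show IsDefault = True.
Get-MgDomain |
    Select-Object Id, AuthenticationType, IsVerified, IsDefault, IsInitial |
    Format-Table -AutoSize
```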
