Hi Longfei Sun, Thanks for reaching out. You are correct, the Azure PowerShell modules are scheduled to be deprecated as of 30th June 2023 per the article. I would suggest you open a ticket for the affected tenant or provide your suggestion and feedback using the below link https://aka.ms/graphexplorer. Thanks.
The current create domain does not allow creating a sub domain when the root domain is federated
As per my testing, I found the current create domain does not allow creating a sub domain when the root domain is federated, no matter whether the sub domain is set to "Federated" or "Managed". Repro steps:
- Find a verified root domain which is "Federated".
- Use MS Graph PowerShell/MS Graph Explorer to create a sub domain.
MS Graph PowerShell command:
New-MgDomain -Id "sub.domain.com" -AuthenticationType "Managed"
New-MgDomain -Id "sub.domain.com" -AuthenticationType "Federated"
MS Graph API used when using MS Graph Explorer:
POST: https://graph.microsoft.com/v1.0/domains
Req body:
{
"id": "sub.domain.com",
"authenticationType": "Managed"
}
{
"id": "sub.domain.com",
"authenticationType": "Federated"
}
Tried on both the "v1.0" and "beta" MS Graph versions; neither works.
We got this error when trying to set subdomain as "Managed":
{ "error": { "code": "Request_BadRequest", "message": "One or more properties contains invalid values.", "innerError": { "date": "2023-04-19T07:14:16", "request-id": "96697314-bc2c-4ab3-8e84-511929237595", "client-request-id": "be1d7add-f6ff-d220-cdc7-ac70e8b9dabc" } } }
We got this error when trying to set subdomain as "Federated":
{ "error": { "code": "Request_BadRequest", "message": "Creation of federated domain is not allowed.", "innerError": { "date": "2023-04-19T07:18:59", "request-id": "ba6dbfd4-fec5-4584-af2c-4bca5a40ad9a", "client-request-id": "014d840f-52d2-61a5-a24b-ddb0f2f220ad" } } }
The API only works when creating a sub domain (managed) whose root is also managed:
Currently, when using the old "MSOnline" PowerShell command we can achieve the requirement, creating a sub domain as "Federated", command:
New-MsolDomain -Name "sub.domain.com" -Authentication Federated
The sub domain is needed in cases when we want to create mailboxes. After the MSOL PowerShell module has been deprecated, this will become unachievable. Could you please review this and consider allowing it in the MS Graph API?