New Domain

Mitch Watson 1 Reputation point
2021-05-19T19:55:02.977+00:00

We recently had to rebuild our entire domain; we had Azure/AD Connect running on our old domain. I would like to remove all references to the old domain and then start a new connect so I can implement 2FA using Azure. What would be the correct steps to do this?

Thank You


2 answers

  1. Marilee Turscak-MSFT 32,541 Reputation points Microsoft Employee
    2021-05-19T20:53:54.67+00:00

    You can delete the domain following the steps in this guide: https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/domains-manage

    The original domain like contoso.onmicrosoft.com can't be removed, and any top-level domain that has subdomains associated with it cannot be removed until the subdomains have been removed. For other custom domain names, you must change or delete any related resources in your Azure AD directory before you can delete the custom domain name. Only a Global Administrator can manage domains in Azure AD, so make sure you have those permissions.

    To delete a custom domain name, you must first ensure that no resources in your directory have dependencies related to the domain name. You can't delete a domain name from your directory if:

    • Any user has a user name, email address, or proxy address that includes the domain name.
    • Any group has an email address or proxy address that includes the domain name.
    • Any application in your Azure AD has an app ID URI that includes the domain name.

    To delete a domain:

    1.) Sign into the Azure classic portal using an account with global admin privileges for that directory.

    2.) Open your directory, and select Domains.

    3.) Select the domain and click Delete.

    https://github.com/toddkitta/azure-content/blob/master/articles/active-directory/active-directory-add-domain-delete-domain.md

    See related thread.

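The three dependency conditions listed in the answer above, checked offline as an added example (not part of the original answers and not Microsoft tooling). It assumes users, groups and applications were exported into a dict keyed by the Microsoft Graph property names `userPrincipalName`, `mail`, `proxyAddresses` and `identifierUris`, and it treats "includes the domain name" as an exact, case-insensitive host match; the sample directory and the domain `olddomain.example` are constructed.

```python
from urllib.parse import urlsplit

# Constructed sample export; ids, names and domains are illustrative only.
SAMPLE = {
    "users": [
        {"id": "u1", "userPrincipalName": "alice@olddomain.example",
         "mail": "alice@olddomain.example",
         "proxyAddresses": ["SMTP:alice@olddomain.example"]},
        {"id": "u2", "userPrincipalName": "bob@contoso.onmicrosoft.com",
         "mail": None,
         "proxyAddresses": ["smtp:bob@notolddomain.example", "x500:/o=Org/cn=bob"]},
    ],
    "groups": [{"id": "g1", "mail": "staff@OldDomain.example", "proxyAddresses": []}],
    "applications": [{"id": "a1", "identifierUris": [
        "https://olddomain.example/hr-app",
        "api://11111111-2222-3333-4444-555555555555"]}],
}

# Which properties of each object type can reference a domain name.
FIELDS = {
    "users": ("userPrincipalName", "mail", "proxyAddresses"),
    "groups": ("mail", "proxyAddresses"),
    "applications": ("identifierUris",),
}

def host_of(value):
    """Lower-cased DNS host of a UPN, mail, proxy address or app ID URI."""
    v = value.strip().lower()
    if "@" in v:                        # UPN, mail, or "SMTP:user@host"
        return v.rsplit("@", 1)[1]
    return urlsplit(v).hostname or ""   # URI; non-host forms (x500:) yield ""

def blockers(directory, domain):
    """List (kind, id, property, value) for every reference to `domain`."""
    domain = domain.lower()
    found = []
    for kind, props in FIELDS.items():
        for obj in directory.get(kind, []):
            for prop in props:
                raw = obj.get(prop) or []
                for v in ([raw] if isinstance(raw, str) else raw):
                    # Exact host comparison, so notolddomain.example is not a hit.
                    if host_of(v) == domain:
                        found.append((kind, obj["id"], prop, v))
    return found

if __name__ == "__main__":
    for hit in blockers(SAMPLE, "olddomain.example"):
        print(*hit, sep="\t")
```

An empty result means none of the exported objects reference the domain; any row returned is an object to change or delete before the domain can be removed.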

  2. Mitch Watson 1 Reputation point
    2021-05-20T11:24:54.76+00:00

    Thank you for the direction; just a few questions before I proceed. Since we are not currently AD syncing to Azure right now (we are totally on-prem), there should be no adverse reactions to me deleting this, right? We don't or didn't use Office 365 or online Outlook or any Azure service except the AD-Sync. Because this whole issue came to light because of a security issue, is it best to totally delete the domain and then rebuild, or would deleting all the users and groups and such and then starting a new AD-sync for 2FA be better?

    Thanks
