This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 57.00000000000001%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETD%3C/text%3E%3C/svg%3E)
I am trying to remove a few extra '.onmicrosoft.com' domains I added to my Azure AD for testing
Steps taken so far:
Remove-MsolDomain : Unknown error occurred.
At line:1 char:1
Note: This is NOT the default '.onmicrosoft.com' domain that was created when tenant was created.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 48%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMA%3C/text%3E%3C/svg%3E)
According to the Microsoft Learn article Add and replace your onmicrosoft.com fallback domain in Microsoft 365 one cannot delete the extra domains once they are created (but I'm guessing if one contacts MS Support they can help);
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 55.00000000000001%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMW%3C/text%3E%3C/svg%3E)
How do I get access to my computer when a fraudulent onmicrosoft account is blocking features
Hi, internally we do not have a way at this time to remove 'onmicrosoft.com' domains from a tenant. Thanks for posting this documentation!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 57.00000000000001%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
As I understand your query , you seem to be trying to remove extra *.onmicrosoft.com' domain names from your Azure AD tenant . You have also mentioned that you the domain you are trying to remove is not the same domain that was created when tenant was created. The domain name that is created while we create a new tenant has type initial added to it as shown below.
The .onmicrosoft.com name is the initial name that is provided to a tenant whenever it is created. The .onmicrosoft.com namespace is Microsoft-owned service namespace for Azure AD service . Its not possible to have two verified .onmicrosoft.com domain names associated with a single azure AD tenant by design . If there were multiple .onmicrosoft.com domains in your Azure AD tenant; by design, only one would be verified domain that you would be able to use with users or groups while others would just be unverified domains which could be removed easily with the cmdlet Remove-AzureADdomain or Remove-MSolDomain.
I tried to see if multiple .onmicrosoft.com domain could be added . Whenever I add a new .onmicrosoft.com domain like abc.onmicrosoft.com to my azure AD tenant, the system asks me to verify the same. In order to verify that I will require access to the onmicrosoft.com DNS zone which no one has access to except Microsoft Cloud Services hence the domain would never become a verified domain in my case as you can see below.
For testing, I tried removing the initial domain xxxxxx13.onmicrosoft.com and got the following error.
PS C:\> Remove-MsolDomain -DomainName xxxxxxx13.onmicrosoft.com
Remove-MsolDomain : You cannot remove the initial domain created for you in Office 365.
At line:1 char:1
+ Remove-MsolDomain -DomainName MSDx756613.onmicrosoft.com
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [Remove-MsolDomain], MicrosoftOnlineException
+ FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.InitialDomainDeletionException,Microsoft.Online.Administration.Automation.RemoveDomain
Then I tried removing other domains and I was successful without any issue as they were unverified domains.
PS C:\> Get-MsolDomain
Name Status Authentication
---- ------ --------------
xxxxxxx13.onmicrosoft.com Verified Managed
xxxxxxx13.mail.onmicrosoft.com Verified Managed
abcd.org Verified Managed
abc.onmicrosoft.com Unverified Managed
rd.onmicrosoft.com Unverified Managed
PS C:\> Remove-MsolDomain -DomainName abc.onmicrosoft.com
PS C:\> Get-MsolDomain
Name Status Authentication
---- ------ --------------
xxxxxxx13.onmicrosoft.com Verified Managed
xxxxxxx13.mail.onmicrosoft.com Verified Managed
abcd.org Verified Managed
rd.onmicrosoft.com Unverified Managed
In this case I added multiple .onmicrosoft.com domains and removed them using the PowerShell cmdlets Remove-MsolDomain and it worked without any issue. Ideally if you have multiple verified .onmicrosoft.com domains in your azure AD tenant , it can be some bug and we can help you further if you can provide more information on this. I hope the information provided clarifies how custom domains related to .onmicrosoft.com domains associated with a azure AD tenant . If the information is not helpful , please check if the domains you are trying to remove are verified or not. If they are verified , please let us know and we will continue to help you . Should the information in this thread help you , please do accept this post as answer which will help other members of the community and improve the relevancy of this thread.
Thank you .
----------------------------------------------------------------------------------------------------------------------------------------------------------
whenever the information provided helps you. Original posters help the community find answers faster by identifying the correct answer. Here is how
Thank you for the reply. It seems that I left out some inportant information regarding adding additional .onmicrosoft.com domains in my first post.
As can be seen in the screenshot posted above, I have 3 verrified .onmicrosoft.com domains.
Steps to add verified .onmicrosoft.com domains
I have rerun all the commands you used above and posted the results below.
@Timothy Dirks · Thank you for providing the details. I have never used this option to create fallback domain . I am sorry to have missed this part . Its amazing to learn something new everyday despite working on same technology for quite some time. :) . I apologize for the oversight . It seems in your case your tenant that you are using is from some Office365 reseller mail service like GoDaddy etc. the NETORG prefix is given to tenants that are created through GoDaddy or other office 365 mail resellers . As far as I know there are certain restriction with them and they do not provide same feature parity as general Office 365 subscriptions because anyone signing up for office 365 from services like godaddy .
However this is an interesting scenario where we are able to add the fallback domain but not able to delete the same. I added a fallback domain by using the instructions that you shared by going to https://admin.microsoft.com/#/Domains/Details/. And I am unable to delete the fallback domains created later as well . I am getting the same error as you . I have reached out for help internally and will update you as soon as I find anything new.
Thank you.
Thank you for your reply. You are correct, this tenent did start out an GoDaddy 365 account. I was able to take total control of the tenant using the instructions provided here defederating-godaddy-365. The restrictions you mentioned are why I am trying to remove these domains in the first palce. I plan on starting out with a fresh tenant but I need one of the .onmicrosoft.com domains attached this current tenent.
I look forward to your reply regarding your internal investigation.
Thank you,
Edit: Spelling and grammar
@Timothy Dirks , apologies for the delay on this . I am yet to get an update on this from the backend team . AS soon I have anything , I will update the same with you.
Any update on this? It's been well over a month...
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 35%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDV%3C/text%3E%3C/svg%3E)
i'm facing the same issue.
I'm having the same issue. Has anyone figured it out, yet?
Nope, the Microsoft devs stopped responding over a month ago...
So, what did you do? Did you just have to leave domain there on your tenant?
Yes, unfortunately.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 68%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
I am trying to do the same thing right now with extraneous /microsoft domains, and one I want to use in a new tenant. I have removed onmicrosoft domains in the past, just a couple months ago. I no longer can either and get the same error you do.
Back in February or January I saw the documentation regarding the ability to change the fallback domain in MS365, the Intiial Domain in Azure AD and the Sharepoint Home URL address. Since it conflicted with other documentation saying it wasn't possible to do this, and assuming they just didn't update the conflicting documentation yet, since they didn't say anything about deleting the onmicrosoft domains or the initial domain, even though documentation said you couldn't delete the initial/fallback domain, I gave it a try after changing to the newly created onmicrosoft domain, and I was successful in deleting it from my tenant.
But, it broke my Exchange instance and my verified domains no longer showed up as Accepted domains in EXOnline. After a month of going back and forth with support, getting escalated four or five times, eventually ending up dealing with the US engineering team, they were able to restore my Exchange functionality when I re-added the sign-up/root onmicrosoft domain that I initially signed up with. They didn't seem to be able to know from their end that the initial onmicroosft domain I signed up with was ever a part of the tenant at all. Initially they said "well it looks like your initial domain was "x" and now it is the new one, and you deleted "x"" However, the domain they were referring to was never the initial domain of the tenant, although I had created it then deleted it. It was at this point I informed them about my actual original domain. If it hadn't already been five weeks or so, I would have continued to play dumb to see if they could remap the o365/AAD component with Exchange, thus kind of backdooring a way to delete the original initial domain, but I couldn't wait any longer. I had changed the intial and fallback domains twice as I was playing with the new feature, so perhaps they only were able to see the domain from which it had been most recently changed, but not a comprehensive change log.
So it looks like at a minimum, the sign-up/root intitial/fallback domain serves as a link between AAD and EXOnline, and possibly any domain that has ever had this role. It seems however that they either can't determine which domains were previouisly intiial/fallback domains, or instead of scoping tenant global admin permissions to only be able to delete onmicorosft domains that had previously been fallbackintiial domains, or possibly, just the original/root fallback/intiial domain, they just made it so that we can't delete any of those domains. It seems my expermient exposed the need to limit this functionality.
I am also going to open a ticket to try and have them delete those domains. I think a couple workaround I might suggest are:
Appologies for thei multi message response. But I just ran Get-OrganizationConfig in ExOnline Powershell and from what I can see, the only domain that can't be removed without some serious remapping on the backend is the fomain that was used at the time of Tenant creation. My original creation onmicrosoft domain is still part of several attributes in my EXOnline tenant.
Here is a complete list of tenant ttributes where I see the creator onmicroft domain with Get-OrganizationConfig:
OrganizationId
Name
Identity
Microsoft Exchange Recipient Email Addresses
MicrosoftExchangeRecipientEmailAddressPolicyEnabaled
MicrosoftExchangeRecipientPrimarySmtpaddress
ElevatedAccessControl
DistinguishedName
OrganizationalUnitRoot
None of these attributes updated to the fallback/initial domain I am using now. However, there is no trace of either of the two onmicrosoft domains that I used previously that were not the original domain. In this test case I have changed the intiial/fallback domain three times and am on my fourth domain.
I hope this information can get us somewhere.
It would seem to me that if those attributes in Exoonline were renamed, then removal of all the domains should be possible. The only catch might be that there is an attribute called OrganizationHash, which would probably have to be rehashed if the Organization name was changed on the backend of the EXOnline instance.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 16%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPL%3C/text%3E%3C/svg%3E)
Hi all,
I'm facing the same issue.
I created two sub-domains on my default "onmicrosoft.com" address:
Even the sub-domains aren't set as "Primary", I'm not able to delete one of them:
"subsub.xxx.onmicrosoft.com" is a custom domain with state: "Verified" but not the "Primary" domain:
Also deleting this Domain my Power-Shell with: Remove-AzureADDomain -Name subsub.AxxxxxxxxxxxA1.onmicrosoft.com was not possible.
What am I doing wrong?
Is this a Azure-Bug?
How to proceed here?