Share via

Manage domains in Azure AD

Updated: July 30, 2015

Applies To: Azure, Azure Active Directory, Office 365, Windows Intune

Manage domains

Use the following cmdlets to perform a variety of domain management tasks, including creating or removing a domain.

Windows PowerShell cmdlet Description


The Confirm-MsolDomain cmdlet is used to confirm ownership of a domain. In order to confirm ownership, a custom TXT DNS record must be added for the domain. The domain must first be added using the New-MsolDomain cmdlet, and then the Get-MsolDomainVerificationDNS cmdlet should be called to retrieve the details of the DNS record that must be set.Note that there may be a delay (15 to 60 minutes) between when the DNS update is made and when the cmdlet is able to confirm ownership of a domain.


Confirm-MsolEmailVerifiedDomain is used to confirm ownership of an unmanaged tenant.


The Get-MsolDomain cmdlet is used to retrieve company domains.


The Get-MsolDomainVerificationDns cmdlet is used to return the DNS records that need to be set to verify a domain.


The New-MsolDomain cmdlet is used to create a new domain object. This cmdlet can be used to create a domain with managed or federated identities, although the New-MsolFederatedDomain cmdlet should be used for federated domains in order to ensure proper setup.


The Remove-MsolDomain cmdlet is used to delete a domain from Azure AD. The domain being deleted must be empty; that is, there cannot be any users or groups with email addresses in this domain.


The Set-MsolDomain cmdlet is used to update settings for a domain. Using this cmdlet, the default domain can be changed, or the capabilities (Email, Sharepoint, OfficeCommunicationsOnline) can be changed.


The Set-MsolDomainAuthentication cmdlet is used to change the domain authentication between standard identity and single sign-on. This cmdlet will only update the settings in Azure AD; typically the Convert-MsolDomainToStandard or Convert-MsolDomainToFederated should be used instead.


Retrieves the current password policy for the tenant or the specified domain.


Sets the values associated with the password notification window and password validity window for a specified domain or all domains in the tenant.

See Also


Manage Azure AD using Windows PowerShell