Imagine that you wanted to build a directory that listed the contents of the World Wide Web
Take over an unmanaged directory as administrator in Azure Active Directory
This article describes two ways to take over a DNS domain name in an unmanaged directory in Azure Active Directory (Azure AD), part of Microsoft Entra. When a self-service user signs up for a cloud service that uses Azure AD, they are added to an unmanaged Azure AD directory based on their email domain. For more about self-service or "viral" sign-up for a service, see What is self-service sign-up for Azure Active Directory?
Decide how you want to take over an unmanaged directory
During the process of admin takeover, you can prove ownership as described in Add a custom domain name to Azure AD. The next sections explain the admin experience in more detail, but here's a summary:
Internal admin takeover
Some products that include SharePoint and OneDrive, such as Microsoft 365, do not support external takeover. If that is your scenario, or if you are an admin and want to take over an unmanaged or "shadow" Azure AD organization created by users who used self-service sign-up, you can do this with an internal admin takeover.
When the DNS TXT records are verified at your domain name registrar, you can manage the Azure AD organization. When you complete the preceding steps, you are now the global administrator of the Fourth Coffee organization in Microsoft 365. To integrate the domain name with your other Azure services, you can remove it from Microsoft 365 and add it to a different managed organization in Azure.
Adding the domain name to a managed organization in Azure AD
Note: Any users of Power BI or Azure Rights Management service who have licenses assigned in the Microsoft 365 organization must save their dashboards if the domain name is removed. They must sign in with a user name like rather than .
External admin takeover
If you already manage an organization with Azure services or Microsoft 365, you cannot add a custom domain name if it is already verified in another Azure AD organization. However, from your managed organization in Azure AD you can take over an unmanaged organization as an external admin takeover. The general procedure follows the article Add a custom domain to Azure AD.
When you verify ownership of the domain name, Azure AD removes the domain name from the unmanaged organization and moves it to your existing organization. External admin takeover of an unmanaged directory requires the same DNS TXT validation process as internal admin takeover. The difference is that the following are also moved over with the domain name:
Support for external admin takeover
External admin takeover is supported by the following online services:
The supported service plans include:
External admin takeover is not supported for any service that has service plans that include SharePoint, OneDrive, or Skype For Business; for example, through an Office free subscription.
Note: External admin takeover is not supported across cloud boundaries (for example, Azure Commercial to Azure Government). In these scenarios it is recommended to perform external admin takeover into another Azure Commercial tenant, and then delete the domain from this tenant so you may verify successfully into the destination Azure Government tenant.
You can optionally use the ForceTakeover option for removing the domain name from the unmanaged organization and verifying it on the desired organization.
More information about RMS for individuals
For RMS for individuals, when the unmanaged organization is in the same region as the organization that you own, the automatically created Azure Information Protection organization key and default protection templates are additionally moved over with the domain name. The key and templates are not moved over when the unmanaged organization is in a different region, for example, if the unmanaged organization is in Europe and the organization that you own is in North America.
Although RMS for individuals is designed to support Azure AD authentication to open protected content, it doesn't prevent users from also protecting content. If users did protect content with the RMS for individuals subscription, and the key and templates were not moved over, that content is not accessible after the domain takeover.
Azure AD PowerShell cmdlets for the ForceTakeover option
You can see these cmdlets used in PowerShell example.
Note: The unmanaged Azure AD organization is deleted 10 days after you exercise the external takeover force option.
PowerShell example
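The external takeover flow with the ForceTakeover option, as an added example that is not code from the original article. It assumes the MSOnline module's cmdlets (not named on this page), Windows' Resolve-DnsName for the DNS check, and the placeholder domain example.com.

```powershell
# Added example: external admin takeover with the ForceTakeover option.
# Assumptions: MSOnline module is installed; $Domain is a placeholder value.
$Domain = 'example.com'   # placeholder, replace with the domain you own

Import-Module MSOnline
# Sign in as a global administrator of the managed (destination) organization.
Connect-MsolService

# Add the domain to the managed organization if it is not listed yet.
if (-not (Get-MsolDomain | Where-Object Name -eq $Domain)) {
    New-MsolDomain -Name $Domain | Out-Null
}

# Retrieve the DNS TXT challenge (an "MS=..." value) for this organization.
$challenge = Get-MsolDomainVerificationDns -DomainName $Domain -Mode DnsTxtRecord
Write-Host "Create a TXT record at $($challenge.Label) with value: $($challenge.Text)"

# Wait until the TXT record is visible in DNS before confirming,
# so that a failed confirmation is not mistaken for a takeover problem.
$deadline = (Get-Date).AddMinutes(30)
do {
    $txt = Resolve-DnsName -Name $Domain -Type TXT -ErrorAction SilentlyContinue |
        Where-Object { $_.Strings -contains $challenge.Text }
    if (-not $txt) { Start-Sleep -Seconds 60 }
} until ($txt -or (Get-Date) -gt $deadline)

if (-not $txt) {
    throw "TXT record $($challenge.Text) not found for $Domain; not confirming."
}

# Verify ownership and force the domain out of the unmanaged organization.
Confirm-MsolDomain -DomainName $Domain -ForceTakeover Force

# Check the result: the domain should now be listed with Status 'Verified'.
Get-MsolDomain -DomainName $Domain | Select-Object Name, Status
```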
A successful challenge returns you to the prompt without an error.
Which of the following best describes the relationship between the World Wide Web and the Internet?
The World Wide Web is a protocol that is accessed using a data stream called the Internet.
What exactly is the request asking for, and what does your browser expect to receive as a response?
After a successful connection, the browser (client) sends a request to a server saying which content it wants. The server knows what response it should send for every request, so it responds. This response contains everything that was requested, such as the web page, status code, cache-control, etc.
What is the job of a router during the process of routing on the Internet?
Routing is the ability to forward IP packets—a package of data with an Internet protocol (IP) address—from one network to another. The router's job is to connect the networks in your business and manage traffic within these networks.
Which of these protocols are used by the browser in fetching and loading the webpage?
The Hypertext Transfer Protocol (HTTP) is used by the browser to tell the host computer what file it wants to retrieve.