- Mastering Identity and Access Management with Microsoft Azure
- Jochen Nickel
- 2021-07-02 12:57:20
Configuring a custom domain
Under the Azure Active Directory | Custom domain section, click Add custom domain and complete the verification process to prove that you are the owner of the domain:
Add the TXT entry shown to your DNS zone to verify the domain:
Click the Verify button on your Azure portal, and after successful verification, the new DOMAIN NAME will appear under DOMAINS. Choose the Make primary option:
Open https://portal.office.com to complete the domain setup process under the admin section:
Choose the custom domain to be used for email addresses:
The last step is to assign the new UserPrincipalName values to the existing users. We do this with a small example script:
- Connect to your Azure AD with your global administrator credentials:
Connect-AzureAD
- Export the existing users to a CSV file with the following cmdlet:
Get-AzureADUser -All $True | Where { $_.UserPrincipalName.ToLower().EndsWith("onmicrosoft.com")} | Export-Csv C:\Office365Users.csv
- Remove all accounts you don't want to modify and make the change with the following cmdlets:
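# Custom domain that replaces the onmicrosoft.com suffix
$domain = "inovitlabs.ch"
Import-Csv 'C:\Office365Users.csv' | ForEach-Object {
    # Keep the part before the @ and append the custom domain
    $newupn = $_.UserPrincipalName.Split("@")[0] + "@" + $domain
    # Build the message as a single interpolated string
    Write-Host "Changing UPN value from: $($_.UserPrincipalName) to: $newupn" -ForegroundColor Green
    Set-AzureADUser -ObjectId $_.UserPrincipalName -UserPrincipalName $newupn
}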
- You should get a result similar to this:
The primary email will also be changed to the custom domain.
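Because the UPN is the sign-in name, it helps to validate the CSV and keep a record of the old values before changing anything. The following is an added example, not code from the book: it checks that the domain is verified, flags guest accounts and UPN collisions, and writes a rollback file. It assumes the CSV was produced by the export command above (so it has an ObjectId column); `$rollbackCsv` and `$apply` are hypothetical names.

```powershell
# Added example, not from the book. Assumes the AzureAD module and an
# active Connect-AzureAD session. $rollbackCsv and $apply are hypothetical names.
$domain      = "inovitlabs.ch"
$inputCsv    = 'C:\Office365Users.csv'
$rollbackCsv = 'C:\Office365Users-rollback.csv'
$apply       = $false   # leave $false for a dry run; set $true to change UPNs

# 1. Refuse to continue unless the custom domain is verified in this tenant.
$tenantDomain = Get-AzureADDomain -Name $domain -ErrorAction Stop
if (-not $tenantDomain.IsVerified) { throw "Domain '$domain' is not verified." }

# 2. Index every UPN currently in use so collisions can be detected.
$inUse = @{}
Get-AzureADUser -All $true | ForEach-Object {
    $inUse[$_.UserPrincipalName.ToLower()] = $_.ObjectId
}

# 3. Build the change plan from the reviewed CSV.
$plan = Import-Csv $inputCsv | ForEach-Object {
    $newUpn = ($_.UserPrincipalName.Split("@")[0] + "@" + $domain).ToLower()
    [pscustomobject]@{
        ObjectId = $_.ObjectId
        OldUpn   = $_.UserPrincipalName
        NewUpn   = $newUpn
        # Guest (B2B) accounts carry #EXT# in the UPN; flag them for removal from the CSV.
        IsGuest  = $_.UserPrincipalName -like '*#EXT#*'
        # The target UPN already belongs to a different object.
        Conflict = $inUse.ContainsKey($newUpn) -and ($inUse[$newUpn] -ne $_.ObjectId)
    }
}

# 4. Two rows that map to the same new UPN would also collide.
$duplicates = $plan | Group-Object NewUpn | Where-Object { $_.Count -gt 1 }
$blocked    = $plan | Where-Object { $_.IsGuest -or $_.Conflict }
if ($duplicates -or $blocked) {
    $blocked | Format-Table OldUpn, NewUpn, IsGuest, Conflict | Out-Host
    $duplicates | ForEach-Object { Write-Warning "Duplicate target UPN: $($_.Name)" }
    throw "Fix the CSV before applying any change."
}

# 5. Save old/new pairs first so the change can be reversed, then apply.
$plan | Export-Csv $rollbackCsv -NoTypeInformation
foreach ($row in $plan) {
    Write-Host "$($row.OldUpn) -> $($row.NewUpn)" -ForegroundColor Green
    if ($apply) { Set-AzureADUser -ObjectId $row.ObjectId -UserPrincipalName $row.NewUpn }
}
```

Run it once with `$apply = $false` to review the planned changes, then set it to `$true`; the rollback CSV holds the ObjectId and original UPN for each account.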
Next, we will configure Azure AD Domain Services to provide a transition scenario for a Kerberos-based application that is normally hosted on on-premises infrastructure.