Confusion RE Custom Domain for WAAD Directory Integration

  • Question

  • First post here on Technet.

    I am looking to see if someone can answer questions I have regarding WAAD and the on-prem AD integration piece. My company owns a few domains at (mydomain).net, .com and our internal domain .cfx. When setting up WAAD AD integration, you have to create a custom domain and verify ownership; that piece is well documented. My question is why this is necessary when other IAMs (Okta, Ping, etc.) only require a directory sync type tool be put on your domain.

    What is the purpose of this custom domain?

    How will this affect my other usage of my domains, such as (mydomain).net, which is currently serving my purposes to host terminal services, or our commercial website at (mydomain).com?

    If I used our commercial instance domain (not planning on doing this) would that redirect all traffic from our commercial website to our Azure instance?

    How are you all doing this? Putting Azure in front of your domain, e.g. azure.mydomain.com?

    Thanks for your help in advance. I just can't wrap my brain around why this is necessary and what effect this has on the domain that you set up and verify in Azure.

    Tuesday, November 26, 2013 3:27 PM


  • Hi,

    Thanks for your question. To close this particular question out: we ask you to verify your custom domain in Azure Active Directory so that we can prove the domain that you're adding to your tenant belongs to the person who is adding it. This is to prevent organizations that do not own such a domain from adding it to their tenant.

    As I am sure you can understand, if contoso.com was owned by Contoso and then another company called Fabrikam went and added contoso.com to their Azure Active Directory, then when Contoso in the future maybe wanted to add the domain, they wouldn't be able to because somebody else would have already done it, and then how do we prove who should and should not have it, so to speak.

    The verification of a domain does not affect how mail is flowed, or websites are disabled; all we ask you to do is add a TXT record in for verification. Apart from that, nothing else changes. You do not point your name servers to Microsoft during verification; you purely just add a TXT record in to your DNS via your DNS management provider.

    I hope that helps,



    Tuesday, July 15, 2014 10:42 PM
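
As an added example (not part of the original thread and not Microsoft tooling): a check a DNS administrator could run on zone exports taken before and after the verification change, confirming that the only difference is the new TXT record and that the A, MX, NS and CNAME records are untouched. The zone lines, host names and token are constructed placeholders, and the simple one-record-per-line export format is an assumption.

```python
# Added example: zone data and token below are constructed, not from the thread.
BEFORE = """\
mydomain.example. 3600 IN NS ns1.dnshost.example.
mydomain.example. 3600 IN A 203.0.113.10
www.mydomain.example. 3600 IN CNAME mydomain.example.
mydomain.example. 3600 IN MX 10 mail.mydomain.example.
"""
# The only intended change: one TXT record at the zone apex (placeholder token).
AFTER = BEFORE + 'mydomain.example. 3600 IN TXT "verification-token-placeholder"\n'


def parse_zone(text):
    """Parse 'name ttl class type rdata' lines into a set of (name, type, rdata)."""
    records = set()
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue  # skip blank lines and full-line comments
        name, _ttl, _cls, rtype, rdata = line.split(None, 4)
        records.add((name.lower().rstrip("."), rtype.upper(), rdata.strip()))
    return records


def audit_verification_change(before, after, apex, token):
    """Return a list of problems; an empty list means only the TXT record was added."""
    old, new = parse_zone(before), parse_zone(after)
    expected = (apex.lower().rstrip("."), "TXT", f'"{token}"')
    problems = []
    if expected not in new:
        problems.append("verification TXT record missing")
    for rec in sorted(old - new):
        problems.append(f"record removed: {rec}")
    for rec in sorted(new - old - {expected}):
        problems.append(f"unexpected record added: {rec}")
    return problems


if __name__ == "__main__":
    issues = audit_verification_change(
        BEFORE, AFTER, "mydomain.example", "verification-token-placeholder")
    print("OK: only the TXT record was added" if not issues else "\n".join(issues))
```

A non-empty result, for instance a changed NS or MX record, means the change went beyond what domain verification asks for and should be reviewed.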