Adding a Subdomain to Office 365

The other day I attempted to add a subdomain to an Office 365 account but received an unwelcomed message…

Can’t add domain … is a subdomain of a domain which was added by using the Microsoft Online Services Module for Windows PowerShell. You must also use this tool to add to Microsoft Online Services.


So…I made the attempt to add it via PowerShell.  First, I reviewed my domain (get-msoldomain) and all appeared fine–Status is Verified and Authentication is Federated.

Next, I attempted to add the domain via PowerShell…

New-MsolDomain -Name

But received this…

New-MsolDomain : Unable to add this domain. It is a subdomain and its authentication type is different from the authentication type of the root domain. At line:1 char:15 + New-MsolDomain <<<< -Name + CategoryInfo: OperationStopped: (:) [New-MsolDomain], MicrosoftOnlineException + FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.DomainUnexpectedAuthenticationException,Microsoft.Online.Administration.Automation.NewDomain


Finally, I tried this command…

New-MsolFederatedDomain -DomainName

And received another error…

New-MsolFederatedDomain : Failed to connect to Active Directory Federation Services 2.0 on the local machine. Please try running Set-MsolADFSContext before running this command again. At line:1 char:24 + New-MsolFederatedDomain <<<< -DomainName + CategoryInfo: InvalidOperation: (:) [New-MsolFederatedDomain], FederationException + FullyQualifiedErrorId : InvalidCommandSequenceGeneva,Microsoft.Online.Identity.Federation.Powershell.AddFederatedDomainCommand


I opened a ticket with O365 support to assist with troubleshooting and received a call back to address.  We were able to resolve the issue relatively quickly.  The key to resolving was in the error received in the previous command I issued … “Failed to connect to Active Directory Federation Services 2.0 on the local machine“.  As I was running the commands from the DirSync server or an admin workstation, the “local machine” being referred to in the error wasn’t the correct machine to run the command from.

Being fairly new to AD FS implementations, apparently it is important where you run your commands from when you have AD FS set up.  All that needed to be done was to access Office 365 via PowerShell from the primary AD FS server and run the same command as above…

New-MsolFederatedDomain -DomainName

Once the command was issued from the primary AD FS server, I received the message “Successfully added ‘’ domain.“  I checked the domain list in my tenant and via PowerShell (get-msoldomain) to confirm the subdomain was present–and federated.

To test, I added the UPN for my subdomain to the on-premise domain, modified a few accounts to reflect the new local UPN account name, forced DirSync, confirmed the O365 account name had changed and successfully logged into the portal with the new UPN account name (via SSO).

FYI…My actual domain name is not “”.

Have fun.

Todd (@oddytee)


3 thoughts on “Adding a Subdomain to Office 365

  1. Thank you, one is support a routable domain – meaning accessible from internet. Is this method supported for non-routable sub domain that is support is not accessible from Internet.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s