
Microsoft 365 - Reclaim a domain via a forceful and external admin takeover

Writer: Chris Hudson

So, you've finally decided to take the plunge within your organisation, pushing it towards another milestone in its journey to the cloud, or you're an IT consultant working on behalf of a customer, attempting to configure a functional Microsoft 365 tenant for them. Either way, you've been greeted by the following prohibitive message when trying to add a custom domain name: -


"Other people in your organization have already signed up with domain.com email addresses. You need to sign up too and then verify that you're the admin for the domain. We'll send you an invitation and walk you through the process of becoming the admin."


Microsoft 365 Domain already in use error message

Users being users, and Microsoft gifting them the ability to self-service sign up for various services such as Power BI, it's no wonder they occasionally get there before we pesky administrators do. Unfortunately, when they do, as in this case, the user generates a user subscription in an unmanaged/shadow tenant bearing that precious and much-needed domain. I bet they didn't even know it!


Microsoft offers you the option to perform an internal admin takeover, as detailed in the error message and here. However, this isn't always straightforward, especially when the organisation or its users in question have no recollection of where this mystery unmanaged tenant has gotten to, thus making it rather difficult for you to gain access to it.


Fear not though, here's a potentially quick and painless way to reclaim that domain and resolve the issue: -


Prerequisites

  • Access to Domain Host & DNS records.

  • PowerShell with MSOnline module installed.

  • Administrator access to the destination tenant.


Steps


1. Run the following PowerShell commands in order: -

Connect-MsolService 

(Authenticate with the destination tenant)

New-MsolDomain -Name domain.com
Get-MsolDomainVerificationDns -DomainName domain.com -Mode DnsTxtRecord

2. Add the generated TXT record to the domain host's public DNS records.


3. Verify the TXT record has propagated by using a tool such as mxlookup.


4. Run the following and last PowerShell command: -

Confirm-MsolDomain -DomainName domain.com -ForceTakeover Force

That should do it! - Hopefully, you can now breathe a sigh of relief.
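Steps 3 and 4 can be combined so that the takeover only runs once the TXT record is actually visible on public resolvers. The script below is an added example, not part of the original post; it assumes Connect-MsolService and New-MsolDomain have already been run against the destination tenant, and the resolver addresses, retry values and the Test-TxtPublished helper are illustrative choices.

```powershell
# Added example: gate the forced takeover on the TXT record being publicly visible.
# Assumes steps 1 and 2 are done (connected to the destination tenant, domain added,
# TXT record created at the DNS host). 'domain.com' is the page's placeholder.
param(
    [string]$DomainName = 'domain.com',
    [string[]]$Resolvers = @('8.8.8.8', '1.1.1.1'),  # public resolvers, chosen for illustration
    [int]$MaxAttempts = 20,
    [int]$DelaySeconds = 30
)

# Ask the tenant which TXT value it expects for this domain
$expected = (Get-MsolDomainVerificationDns -DomainName $DomainName -Mode DnsTxtRecord).Text
if (-not $expected) { throw "No verification TXT value returned for $DomainName." }

# Hypothetical helper: true if $Server returns a TXT string equal to $Value
function Test-TxtPublished {
    param([string]$Name, [string]$Value, [string]$Server)
    $records = Resolve-DnsName -Name $Name -Type TXT -Server $Server -DnsOnly -ErrorAction SilentlyContinue
    # A domain usually carries several TXT records (SPF etc.); check every string
    $strings = $records | Where-Object { $_.Type -eq 'TXT' } | ForEach-Object { $_.Strings }
    return $strings -contains $Value
}

# Poll until every resolver sees the record, or give up
for ($i = 1; $i -le $MaxAttempts; $i++) {
    $missing = $Resolvers | Where-Object { -not (Test-TxtPublished $DomainName $expected $_) }
    if (-not $missing) { break }
    Write-Host "Attempt $i/${MaxAttempts}: not yet visible on $($missing -join ', ')"
    Start-Sleep -Seconds $DelaySeconds
}

if ($missing) {
    throw "TXT '$expected' for $DomainName not visible on: $($missing -join ', '). Takeover not attempted."
}

# Record is public: run the command from step 4, then show the resulting domain status
Confirm-MsolDomain -DomainName $DomainName -ForceTakeover Force
Get-MsolDomain -DomainName $DomainName | Select-Object Name, Status
```

Querying more than one resolver catches the case where the record has reached one provider's cache but not another's, which is the usual cause of a failed verification immediately after the DNS change.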



2 comments


Andre Thiemann
11 Mar 2024

Hi Chris, what if everything seems to work, but the user has no access to admin center after takeover? How long can this take to be processed in the background?


Chris Hudson
31 May 2024

Hello Andre, thank you very much for your comment and apologies for the late response. The outcome of the above process should be noticeable rather immediately upon completion, but of course this can depend on a number of factors. To be safe, I'd say up to 1 hour (60 mins) for the changes to be processed in the background. Regarding the comment about the user having no access to the admin center after takeover, I've never seen this before. Presumably the user in question previously had admin privileges in order to successfully run the above process against the destination tenant? - If so, I've never seen or heard of this same process changing any role-based access. Are there any error…

© 2021 - 2025 ThreeSixtyThrive365.com - All Rights Reserved.
