Microsoft 365 - Reclaim a domain via a forceful and external admin takeover
So, you've finally decided to take the plunge within your organisation, pushing them towards another milestone in their journey to the cloud, or you're an IT consultant working on behalf of a customer attempting to configure a functional Microsoft 365 tenant for them - Either way, you've been greeted by the following prohibitive message when trying to add a custom domain name: -
"Other people in your organization have already signed up with domain.com email addresses. You need to sign up too and then verify that you're the admin for the domain. We'll send you an invitation and walk you through the process of becoming the admin."
Users being users, and Microsoft gifting them the ability to self-service sign-up for various services such as PowerBi, it's no wonder they occasionally get there before we pesky administrators do - And unfortunately, when they do, as in this case, the user generates a user subscription in an unmanaged/shadow tenant bearing that precious and much-needed domain - I bet they didn't even know it!
Microsoft offers you the option to perform an internal admin takeover, as detailed in the error message and here. However, this isn't always straightforward, especially when the organisation or its users in question have no recollection of where this mystery unmanaged tenant has gotten to, thus making it rather difficult for you to gain access to it.
Fear not though, here's a potentially quick and painless way to reclaim that domain and resolve the issue: -
Access to Domain Host & DNS records.
PowerShell with MSOnline module installed.
Administrator access to the destination tenant.
1. Run the following PowerShell commands in order: -
(Authenticate with the destination tenant)
New-MsolDomain –name domain.com
Get-MsolDomainVerificationDns –DomainName domain.com –Mode DnsTxtRecord
2. Add the generated TXT record to the domain hosts public DNS records.
3. Verify the TXT record has propagated by using a tool such as mxlookup.
4. Run the following and last PowerShell command: -
Confirm-MsolDomain –DomainName domain.com –ForceTakeover Force
That should do it! - Hopefully, you can now breathe a sigh of relief.