Before diving into the story, let’s cover some essential theory. The domain name is not just a formality; it’s a key element in forming User Principal Names (UPNs) and email addresses. If you’re not planning to use the default onmicrosoft.com domain, you must add your actual domain name in Entra ID (Azure AD). This step is crucial for proper user management and authentication.
However, a domain can only be part of one tenant at a time. If you need to move a DNS domain name between tenants, you must first delete the domain name from the source tenant. The most common reason for such a move is company reorganization, where some groups need to migrate data and resources to a new tenant, bringing their existing domain name with them.
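Because the source tenant refuses to delete a domain while any object still references it, a pre-flight inventory is the first practical step of the move. The following script is an added example, not from the original post; it assumes the Microsoft Graph PowerShell SDK is installed and uses the post’s placeholder domain.com.

```powershell
# Added example (not from the original post): pre-flight check before removing
# a custom domain from the source tenant. Assumes the Microsoft Graph PowerShell
# SDK is installed; 'domain.com' is the placeholder domain used in the post.
param(
    [string]$DomainName = 'domain.com'
)

Connect-MgGraph -Scopes 'Domain.Read.All', 'User.Read.All', 'Group.Read.All'

# 1. Confirm the domain exists in this tenant and whether it is the default domain.
#    A default domain cannot be removed until another domain is made the default.
$domain = Get-MgDomain -DomainId $DomainName -ErrorAction Stop
Write-Host "Domain $($domain.Id): verified=$($domain.IsVerified) default=$($domain.IsDefault)"
if ($domain.IsDefault) {
    Write-Warning 'Set another domain as default before attempting removal.'
}

# 2. List every directory object that still references the domain (users,
#    groups, contacts). Deletion is refused while any of these remain.
$refs = @(Get-MgDomainNameReference -DomainId $DomainName -All)
Write-Host "Objects still referencing ${DomainName}: $($refs.Count)"

# 3. Users whose UPN is on the domain must be renamed to another verified
#    domain (for example the tenant's onmicrosoft.com domain) first.
$users = @(Get-MgUser -Filter "endsWith(userPrincipalName,'@$DomainName')" `
    -ConsistencyLevel eventual -CountVariable userCount -All `
    -Property Id, UserPrincipalName, OnPremisesSyncEnabled)
$users | Select-Object UserPrincipalName, OnPremisesSyncEnabled | Format-Table -AutoSize

# Synced users cannot be renamed in Entra ID; the UPN suffix is owned by
# on-premises AD and flows through Entra Connect.
$synced = @($users | Where-Object { $_.OnPremisesSyncEnabled })
if ($synced.Count -gt 0) {
    Write-Warning ('{0} user(s) are synced from on-premises AD; change their UPN ' +
                   'suffix in AD (or stop syncing them) rather than in Entra ID.' -f $synced.Count)
}

if ($refs.Count -eq 0 -and -not $domain.IsDefault) {
    Write-Host "No remaining references: Remove-MgDomain -DomainId $DomainName can proceed."
}
```

Run it read-only first; it only reports, and the final `Remove-MgDomain` call is printed rather than executed so the removal remains a deliberate step.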
I encountered a similar situation recently.
My Initial Setup
Here was our starting point:
- One Active Directory forest where all users had domain.com as part of their UPN.
- Two Entra ID Connect servers were deployed, each syncing users to its respective tenant.
- Both tenants had the same list of users with slight differences.
- The source tenant had domain.com registered, allowing users to authenticate with it.
- The target tenant used a temporary domain, requiring users to authenticate with temp.com.
- The source tenant had
