Tag Archives: Azure AD custom domain

#Azure AD : All about Azure Active Directory

IT has moved from Datacenter Era to the Cloud Era. Focus of the organizations have been changed from one specific set of vendors to the open world of technology. Since Datacenter came in inception, Identity has played a vital role and always been used to treat as a backbone of IT. Now in the new era of multi-cloud environment, Identity is playing a centric role that itself is a new beginning of Identity that has been extended from IT backbone to user-experience oriented.

Microsoft had played a key role in datacenter era by Windows Server Active Directory and now again playing a crucial role in multi-cloud environment by offering Azure Active Directory. Microsoft Azure Active Directory in not only a directory service but it is a complete cloud service that can fulfill all your identity and authorization needs. However, you may find there are couple of things related to identity that can’t be fulfilled by native AAD features but it is continuously evolving.

In this era, organizations don’t need SME for everything but they need design SME who has board understanding of complete end-to end solution stack starting from infrastructure technologies to application technologies.

I have written a series of blog posts on Microsoft Azure AD and these posts mainly focus on how to do it or you can say step-by-step guides backed by real-time scenarios.

Microsoft Azure Active Directory

Azure AD Connect

SSO to SaaS

Application Proxy

Multi-factor Authentication

Self-service Password Management

Self-service group management

Access Panel/My Apps

Dynamic groups membership

Pricing, Licensing and Support

Conditional Access

Custom domain names

Company branding

Cloud App Discovery

Group-based licensing

Identity Protection Part I

Identity Protection Part II

Identity Protection Part III

Privileged Identity Management Part I

Privileged Identity Management Part II

Privileged Identity Management Part III

Azure Active Directory Domain Services Part I

Azure Active Directory Domain Services Part II

Azure Active Directory Domain Services Part III

Azure Active Directory Domain Services Part IV

Device Management – Azure AD Registering

Device Management – Azure AD Join

B2B Collaboration

B2B Licensing


Error – SSPR_0029: We are unable to reset your password due to an error in your on-premises configuration.

Above series of blog posts have covered most of the areas of Azure Active Directory. You can bookmark this blog post for any Azure AD need, I’ll try my level best to add new Azure AD related posts in this series.


#AzureAD : Custom domain names

Microsoft Azure AD provides extensive set of features and many organization looking at it as an opportunity for IAM solutions. However, organizations are leveraging it with Microsoft cloud offerings and syncing their on-premises identities with Microsoft Azure AD. (Note: If you want to know more about “how to sync on-premises AD with Azure AD”, look at #AzureAD : Azure AD Connect.)

When any organization does this kind of implementation, they always try to make sure that end-user will not have any affect. When you sync your on-premises AD with Azure AD, you observe that the username (original UPN) changes to username@<uniquedomainname>.onmicrosoft.com but this change impact the user behavior.

Look at the “Initial domain name” that becomes <initialdomainname.onmicrosoft.com>

Because of this change, your user has to remember one more UPN (user principle name). To avoid these complexity, you can use custom domain name features in Azure AD.

Login to Azure AD Portal https://aad.portal.azure.com

Go to the Azure Active Directory.

Go to the Custom domain names.

Now, you can observe that there are two domain names. First one is your on-premises domain name (in my scenario: insidemstech.local) and another one your Azure AD custom domain name (in my case: insidemstechaad.onmicrosoft.com). If you can recall your hybrid configuration, you had observer “Not Verified” status in Azure AD sign-in configuration wizard.

Look, how does it appears in Azure AD Connect configuration.

Now, if it is your public domain name and DNS records exist for this domain, then you can just click on your on-premises domain name and can verify this domain by using TXT record.

Once, you are done with the verification then status of your on-premises domain name will change from unverified to verified and now your users can use the same on-premises UPN to login to the cloud services.