MitchWatson-5383 asked

New Domain

We recently had to rebuild our entire domain; we had Azure/AD Connect running on our old domain. I would like to remove all references to the old domain and then start a new connect so I can implement 2FA using Azure. What would be the correct steps to do this?

Thank You

azure-ad-connect

MitchWatson-5383 answered

Thank you for the direction; just a few questions before I proceed. Since we are not currently AD syncing to Azure right now (we are totally on-prem), there should be no adverse reactions to me deleting this, right? We don't or didn't use Office 365 or online Outlook or any Azure service except the AD-Sync. Because this whole issue came to light because of a security issue, is it best to totally delete the domain and then rebuild, or would deleting all the users and groups and such and then starting a new AD-sync for 2FA be better?

Thanks


MarileeTurscak-MSFT answered

You can delete the domain following the steps in this guide: https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/domains-manage

The original domain, like contoso.onmicrosoft.com, can't be removed, and any top-level domain that has subdomains associated with it cannot be removed until the subdomains have been removed. For other custom domain names, you must change or delete any related resources in your Azure AD directory before you can delete the custom domain name. Only a Global Administrator can manage domains in Azure AD, so make sure you have those permissions.

To delete a custom domain name, you must first ensure that no resources in your directory have dependencies related to the domain name. You can't delete a domain name from your directory if:

  • Any user has a user name, email address, or proxy address that includes the domain name.

  • Any group has an email address or proxy address that includes the domain name.

  • Any application in your Azure AD has an app ID URI that includes the domain name.


To delete a domain:

  1. Sign in to the Azure classic portal using an account with global admin privileges for that directory.

  2. Open your directory, and select Domains.

  3. Select the domain and click Delete.


https://github.com/toddkitta/azure-content/blob/master/articles/active-directory/active-directory-add-domain-delete-domain.md


See related thread.
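
A pre-check for the three dependency conditions listed in the answer above, written as an added example that is not part of the original thread or of Microsoft's documentation. The function names, the domain `old.example` and all sample objects are constructed; the property names are the ones Microsoft Graph PowerShell returns from `Get-MgUser`, `Get-MgGroup` and `Get-MgApplication`, and subdomains are reported as well because the answer notes they also block deletion.

```powershell
# Added example. 'old.example' and every sample object are constructed.
function Get-HostPart {
    param([string]$Value)
    # UPN, mail and proxy addresses ("smtp:user@host"): text after the last '@'.
    if ($Value -match '@([^@/\s]+)$') { return $Matches[1] }
    # App ID URIs ("https://host/app", "api://host/app"): the URI host.
    $uri = $null
    if ([uri]::TryCreate($Value, [UriKind]::Absolute, [ref]$uri)) { return $uri.Host }
    return $null
}

function Test-DomainReference {
    param([string]$Value, [string]$Domain)
    $h = Get-HostPart $Value
    if (-not $h) { return $false }
    # Exact domain or a subdomain of it; 'notold.example' must not match.
    return ($h -eq $Domain) -or $h.EndsWith(".$Domain", [StringComparison]::OrdinalIgnoreCase)
}

function Find-DomainDependency {
    param([string]$Domain, [object[]]$Users, [object[]]$Groups, [object[]]$Applications)
    $checks = @(
        @{ Type = 'User';        Items = $Users;        Props = 'UserPrincipalName', 'Mail', 'ProxyAddresses' }
        @{ Type = 'Group';       Items = $Groups;       Props = 'Mail', 'ProxyAddresses' }
        @{ Type = 'Application'; Items = $Applications; Props = @('IdentifierUris') }
    )
    foreach ($c in $checks) {
        foreach ($item in $c.Items) {
            foreach ($p in $c.Props) {
                foreach ($v in @($item.$p)) {
                    if (Test-DomainReference $v $Domain) {
                        [pscustomobject]@{ Type = $c.Type; Name = $item.DisplayName; Property = $p; Value = $v }
                    }
                }
            }
        }
    }
}

# Constructed sample objects using the Microsoft Graph property names.
$users = @(
    [pscustomobject]@{ DisplayName = 'Alice'; UserPrincipalName = 'alice@contoso.onmicrosoft.com'; Mail = $null; ProxyAddresses = @('smtp:alice@old.example') }
    [pscustomobject]@{ DisplayName = 'Bob'; UserPrincipalName = 'bob@notold.example'; Mail = 'bob@notold.example'; ProxyAddresses = @() }
)
$groups = @([pscustomobject]@{ DisplayName = 'Helpdesk'; Mail = 'helpdesk@mail.old.example'; ProxyAddresses = @() })
$apps = @([pscustomobject]@{ DisplayName = 'Intranet'; IdentifierUris = @('https://old.example/intranet') })

Find-DomainDependency -Domain 'old.example' -Users $users -Groups $groups -Applications $apps | Format-Table
```

Every row it returns is an object that has to be changed or deleted before the domain can be removed; a plain substring search would also have flagged Bob, whose address belongs to a different domain.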

