使用 Azure Active Directory 入口網站新增自訂網域名稱Add your custom domain name using the Azure Active Directory portal

每個新的 Azure AD 租用戶皆隨附初始網域名稱 (domainname.onmicrosoft.com)。Every new Azure AD tenant comes with an initial domain name, domainname.onmicrosoft.com. 您無法變更或刪除初始網域名稱,但您可以將貴組織的名稱新增至清單。You can't change or delete the initial domain name, but you can add your organization's names to the list. 新增自訂網域名稱可協助您建立使用者熟悉的名稱給您的使用者,例如alain@contoso.comAdding custom domain names helps you to create user names that are familiar to your users, such as alain@contoso.com.

開始之前Before you begin

您必須先向網域註冊機構建立您的網域名稱,才可以新增自訂網域名稱。Before you can add a custom domain name, you must create your domain name with a domain registrar. 如需公認的網域註冊機構,請參閱 ICANN 認可的註冊機構For an accredited domain registrar, see ICANN-Accredited Registrars.

在 Azure AD 中建立您的目錄Create your directory in Azure AD

取得您的網域名稱之後,您可以建立您的第一個 Azure AD 目錄。After you get your domain name, you can create your first Azure AD directory.

  1. 使用具有訂用帳戶 擁有者角色的帳戶,登入 Azure 入口網站以瀏覽到您的目錄,然後選取 [Azure Active Directory] 。Sign in to the Azure portal for your directory, using an account with the Owner role for the subscription, and then select Azure Active Directory. 如需訂用帳戶角色的詳細資訊,請參閱傳統訂用帳戶管理員角色、Azure RBAC 角色和 Azure AD 管理員角色For more information about subscription roles, see Classic subscription administrator roles, Azure RBAC roles, and Azure AD administrator roles.

    Azure 入口網站的畫面,顯示 Azure AD 選項

    提示

    如果您計劃讓內部部署 Windows Server AD 與 Azure AD 同盟,當您執行 Azure AD Connect 工具以同步處理您的目錄時,您必須選取 [我計劃將這個網域設定為可使用我的本機 Active Directory 進行單一登入] 核取方塊。If you plan to federate your on-premises Windows Server AD with Azure AD, then you need to select the I plan to configure this domain for single sign-on with my local Active Directory checkbox when you run the Azure AD Connect tool to synchronize your directories. 您也需要註冊相同的網域名稱,您選取該名稱以與精靈中 Azure AD 網域 步驟中的內部部署目錄同盟。You also need to register the same domain name you select for federating with your on-premises directory in the Azure AD Domain step in the wizard. 您可以在這些指示中看到精靈中那些步驟看起來如何。You can see what that step in the wizard looks like in these instructions. 如果您沒有 Azure AD Connect 工具,您可以 在這裡下載If you do not have the Azure AD Connect tool, you can download it here.

  2. 遵循為您的組織建立新的租用戶中的步驟,以建立新的目錄。Create your new directory by following the steps in Create a new tenant for your organization.

    重要

    建立租用戶的人員會自動成為該租用戶的全域管理員。The person who creates the tenant is automatically the Global administrator for that tenant. 全域管理員可以將其他系統管理員新增至租用戶。The Global administrator can add additional administrators to the tenant.

將自訂網域名稱新增至 Azure ADAdd your custom domain name to Azure AD

建立您的目錄之後,您可以新增自訂網域名稱。After you create your directory, you can add your custom domain name.

  1. 選取 [自訂網域名稱] ,然後選取 [新增自訂網域] 。Select Custom domain names, and then select Add custom domain.

    自訂網域名稱的頁面上,加入顯示的自訂網域

  2. 將貴組織的新網域名稱輸入到 [自訂網域名稱] 方塊中 (例如 contoso.com),然後選取 [新增網域] 。Type your organization's new domain name into the Custom domain name box (for example, contoso.com), and then select Add domain.

    已新增未驗證的網域,而 Contoso 頁面隨即出現,其中顯示您的 DNS 資訊。The unverified domain is added and the Contoso page appears showing you your DNS info.

    重要

    您必須包含 .com、.net 或任何其他最上層擴充功能,才能正常運作。You must include .com, .net, or any other top-level extension for this to work properly.

    自訂網域名稱的頁面上,新增自訂網域頁面

  3. Contoso 頁面複製 DNS 資訊。Copy the DNS info from the Contoso page. 例如,MS=ms64983159。For example, MS=ms64983159.

    包含 DNS 項目資訊的 Contoso 頁面

將您的 DNS 資訊新增至網域註冊機構Add your DNS information to the domain registrar

將自訂網域名稱新增至 Azure AD 之後,您必須回到您的網域註冊機構,並新增從您複製的 TXT 檔案中的 Azure AD DNS 資訊。After you add your custom domain name to Azure AD, you must return to your domain registrar and add the Azure AD DNS information from your copied TXT file. 為您的網域建立此 TXT 記錄可「確認」網域名稱的擁有權。Creating this TXT record for your domain "verifies" ownership of your domain name.

  • 回到您的網域註冊機構,根據您複製的 DNS 資訊為您的網域建立新 TXT 記錄、將 TTL (存留時間) 設定為 3600 秒 (60 分鐘),然後儲存資訊。Go back to your domain registrar, create a new TXT record for your domain based on your copied DNS information, set the TTL (time to live) to 3600 seconds (60 minutes), and then save the information.

    重要

    您可以註冊您想要的多個網域名稱。You can register as many domain names as you want. 不過,每個網域會從 Azure AD 取得自己的 TXT 記錄。However, each domain gets its own TXT record from Azure AD. 在網域註冊機構輸入您的 TXT 檔案資訊時,請格外小心。Be careful when entering your TXT file information at the domain registrar. 如果您不小心輸入錯誤或重複的資訊,則必須等到 TTL 會逾時 (60 分鐘),才能再試一次。If you enter the wrong, or duplicate information by mistake, you'll have to wait until the TTL times out (60 minutes) before you can try again.

驗證自訂網域名稱Verify your custom domain name

註冊您的自訂網域名稱之後,您必須確定它在 Azure AD 中有效。After you register your custom domain name, you need to make sure it's valid in Azure AD. 視您的網域註冊機構而定,從您的網域註冊機構傳播至 Azure AD 可瞬間完成,也可能需要幾天的時間。The propagation from your domain registrar to Azure AD can be instantaneous or it can take up to a few days, depending on your domain registrar.

若要驗證自訂網域名稱To verify your custom domain name

  1. 使用目錄的全域系統管理員帳戶登入 Azure 入口網站Sign in to the Azure portal using a Global administrator account for the directory.

  2. 選取 [Azure Active Directory] ,然後選取 [自訂網域名稱] 。Select Azure Active Directory, and then select Custom domain names.

  3. 在 [Fabrikam - 自訂網域名稱] 頁面上,選取自訂網域名稱 ContosoOn the Fabrikam - Custom domain names page, select the custom domain name, Contoso.

    [Fabrikam - 自訂網域名稱] 頁面,已醒目提示 contoso

  4. 在 [Contoso] 頁面上,選取 [驗證] ,確定您的自訂網域已正確註冊,而且在 Azure AD 中有效。On the Contoso page, select Verify to make sure your custom domain is properly registered and is valid for Azure AD.

    包含 DNS 項目資訊和 [驗證] 按鈕的 Contoso 頁面

確認您的自訂網域名稱之後,您可以刪除您的驗證 TXT 或 MX 檔案。After you've verified your custom domain name, you can delete your verification TXT or MX file.

常見驗證問題Common verification issues

  • 如果 Azure AD 無法驗證自訂網域名稱,請嘗試下列建議:If Azure AD can't verify a custom domain name, try the following suggestions:

    • 至少等候一小時,然後再試一次Wait at least an hour and try again. DNS 記錄必須在 Azure AD 驗證網域之後傳播,此程序可能需要一小時以上。DNS records must propagate before Azure AD can verify the domain and this process can take an hour or more.

    • 確定 DNS 記錄正確無誤。Make sure the DNS record is correct. 返回網域名稱註冊機構網站,並確定此項目存在,而且符合 Azure AD 所提供的 DNS 項目資訊。Go back to the domain name registrar site and make sure the entry is there, and that it matches the DNS entry information provided by Azure AD.

      如果您無法更新註冊機構網站上的記錄,則必須與具有正確權限的人員共用此項目,以新增項目並確認它是正確的。If you can't update the record on the registrar site, you must share the entry with someone that has the right permissions to add the entry and verify it's accurate.

  • 確定網域名稱並未在另一個目錄中使用。Make sure the domain name isn't already in use in another directory. 只可以在一個目錄中驗證網域名稱,這表示如果您的網域名稱目前已在另一個目錄中驗證,便無法在新的目錄中驗證。A domain name can only be verified in one directory, which means that if your domain name is currently verified in another directory, it can't also be verified in the new directory. 若要修正此重複問題,您必須從舊的目錄中刪除網域名稱。To fix this duplication problem, you must delete the domain name from the old directory. 如需如何刪除網域名稱的詳細資訊,請參閱 管理自訂網域名稱For more information about deleting domain names, see Manage custom domain names.

  • 確定您沒有任何非受控 Power BI 租用戶。Make sure you don't have any unmanaged Power BI tenants. 如果您的使用者已透過自助式註冊啟用 Power BI 並針對貴組織建立非受控租用戶,您就必須使用 PowerShell 以內部或外部管理員身分接管管理。If your users have activated Power BI through self-service sign-up and created an unmanaged tenant for your organization, you must take over management as an internal or external admin, using PowerShell. 若要深入了解如何接管非受控目錄,請參閱以系統管理員身分接管 Azure Active Directory 中非受控目錄To learn more about how to take over an unmanaged directory, see Take over an unmanaged directory as administrator in Azure Active Directory.

後續步驟Next steps