We at my firm eSolia decided to migrate everything to Microsoft M365, for better or worse, because literally all our clients use it and things are just more efficient if it’s our daily driver. However, we had used a production domain in a trial tenant in the past, and this caused a lot of agita.

Besides the tenantname.onmicrosoft.com domain that comes with the service, you can assign a custom domain that you purchase via a registrar in the usual way. You add the domain you want in either Exchange or Azure AD admin, add a TXT record in your DNS host (like AWS Route53) to prove that you own the domain, and once that’s done, the domain is ready to be put into production when you point the DNS MX records at it.

However, when we clicked “verify” we got an error, saying that the domain was associated with the tenant ourfirmcojp.onmicrosoft.com and that we’d need to remove it from there, before we could add it to our production tenant. From that, support told us that it was probably generated during a self-service trial in which the person signing up used their company email address. They thought so because the tenant name was just our email domain without any dots (ourfirm.co.jp). The test tenant had become an “unmanaged tenant”, abandoned.

We tried taking advice from a whole bunch of various online help forum and blog posts and support, to “force takeover” the domain, but nothing worked, GUI, PowerShell or otherwise. Finally we tried using a private browser window to log in via various possible users, and mostly, we just got more errors that self-service password reset (SSPR) was not enabled.

Except for one account.

We were able to change the password for this account in this tenant, and finally successfully signed in via https://admin.microsoft.com.

Once I was in, I created a global admin user, re-signed in as it, deleted all the other users, groups, and licenses (following this guide), then proceeded to delete the tenant. When you first attempt to delete it, there are a lot of various errors but MS makes it easy to figure out what you need to do, deleting groups, disabling licenses and so on. It’s a whole process, and in the end once all the checks are “green”, you need to wait 72 hours before you can finally delete the tenant itself.

So, in 72 hours I’ll visit https://aad.portal.azure.com/ and try the tenant deletion again.

What happened in the end? I was able to add our production ourfirm.co.jp domain to our production tenant and we’re ready to migrate!

I hope this little story might help anyone who happens upon it.

Photo of frustrated monkey by Asa Rodger on Unsplash
