When you make a change to a parent (top-level) domain that's verified in Office 365, Microsoft Azure, or Microsoft Intune, a child domain that's also verified doesn't inherit the changes. This issue may occur when you do one of the following:
- Change the domain from standard to federated
- Change the domain from federated to standard
- Set domain authentication or federation configurations
- Update the domain Active Directory Federation Services (AD FS) relying party trust
- Verify domain ownership
To resolve this issue, delete the child domain, add and verify the parent domain, and then re-add the child domain.Note
After the parent domain is verified and the child domain is added, you don't have to verify the child domain because it inherits the settings (verification, authentication, and federation) from its parent.
This issue may occur if the child domain is verified before the parent domain is verified. When the child domain is verified first, verification and its settings are managed independently of the parent domain.
For example, you verify the corp.constoso.com
domain. Later, you verify the contoso.com
domain. When you verify corp.contoso.com
, and ownership is proven, the namespace is created in Office 365 as a domain that's completely independent of contoso.com
. Therefore, when you later verify contoso.com
, any changes that are made to this new domain don't affect corp.contoso.com
In certain cases, you may want to manage the child domain properties independent of the parent domain.
Still need help? Go to the Office 365 Community
website or the Azure Active Directory Forums