Domain Validation and BPOS
Tips and Tricks

By Brett Hill

When you sign up for an email service like Exchange Online, you’re probably planning on using your own domain name for signing in and for your email addresses. I can actually validate a domain in about 2 minutes or less, but there are a couple of things to know.

When you first signup for BPOS, you’re asked to provide a domain name. This is used to create a base domain like “myverycooldomainname.microsoftonline.com”. You’re issued a microsoftonline.com domain (sometimes called the Microsoft Online Default Routing Domain [or MSODRD for the real trivia geeks out there]) as it is certain to be unique to the Microsoft Online AD and you don’t have to immediately prove ownership. In this way Microsoft can immediately configure your BPOS account.

After you have logged in to admin.microsoftonline.com, you’re ready to validate your domain. The super easy way is if you happen to have your account hosted at Enom.com. In this case, the validation and configuration can occur through web services through an agreement with Microsoft and Enom. This is truly the fast-track for domain validation.

However, for the rest of the world, you have to go through a straightforward, but precise set of steps. What follows are a few tips and tricks as well as a troubleshooting suggestion if you have problems.

Let’s get started.

First, add a domain to the Administration center at https://admim.microsoftonline.com (under the Users tab). Select New and enter the domain name you want to use.

Here you have to choose between Authoritative and External Relay. This one is simple. Choose authoritative when Exchange Online is the service that will receive all the email for this domain. In the case, I’m using Contoso7.com, and I want all mail sent to Exchange Online. After accepting this, you get a prompt to optionally start the verification wizard which looks like this:

In this case I could actually choose Enom, but then we’d be done. We’re doing it the “hard” way so on to Other.

Now for the fun stuff. Take a look at the next screen; there will be quiz.

This is where it gets a bit confusing because of the way the HOST name is described. Here’s the quiz - given the name MS98145153.contoso7.com what part is the Host name? Well, contoso7.com is the domain so the Host name is ms98145153. Together they create the entire fully qualified domain name.

So, when I go to my DNS configuration page, this is how it is entered for my provider. Keep in mind that the specifics of how the UI works is entirely up to the application you’re using to configure DNS. For example, an obtuse DNS rule is that an address for a CNAME entry must end in a “.”. The UI for the DNS manager at Enom handles that for you, but if you are editing DNS settings in a text file, you have to know what you’re doing. In fact, some ISPs don’t let you modify this information at all. That’s one reason why this is a good idea to try out before you make a purchase.

After adding the correct CNAME entry, all I need to do is Save this then validate the domain.

Of course, I want to do this immediately because I have no patience and want to get things working, but take a look at step 4 above “Wait at least 15 minutes….”. And if that wasn’t hard enough, the note that follows “It may take up to 48 hours”! Grrrr.

TIP: There’s no harm in attempting to validate the domain right away. It will either succeed or fail and in my experience, you can usually validate a domain hosted at Enom after about 5 mins.

ANOTHER TIP: How can you know if it’s 15 mins or 48 hours? Use NSLOOKUP as follows:

Open command prompt and type NSLOOKUP, then Enter. You’ll get a little prompt (you’re now inside the NSLOOKUP command processor). Type set q=CNAME <Enter>. Then <domain name> <Enter>. When I do this, I get the following result.

The TTL setting stands for Time To Live and is the duration that DNS queries from this DNS server are cached. In this case, I should be able to safely validate my custom domain after waiting 3 minutes and 1 second. Each DNS provider is free to set this to any value they choose so results will vary.

STILL ANOTHER TIP: Use Ping to see if the updates are published.

Yes, you can just PING the FQDN and see what happens.

If you get result shown here, you are ready to validate. You may need to do use the  ipconfig /flushdns command to get the most current results.  If you get the updated hostname as shown, just return to the administration center and validate the domain to see:

Don’t worry if your session timed out before you can get to the validation button. You can start the wizard again, and it will keep the same validation information.

At this point, you should:

1. Set the domain to the default domain.

2. Enable incoming email.

3. Add users.

4. Set your MX record to point to Exchange Online

Note that step 4 will change your email routing for your domain so that all mail goes to Exchange Online. Don’t proceed with that step ‘till you’re ready, but when you’re ready, it’s simple to do. Just add the MX record to your DNS server as instructed by the wizard. No additional validation is required, but the same TTL applies to your MX record updates as to your validation procedure, so it may take a little while for the MX record change to take effect.

So that’s it! Here are a couple of other bits. If you have a subdomain like accounting.contoso.com it will automatically be valid when you enter it. Also, keep in mind that if you use a domain for trial account, be sure to delete it if you don’t plan on turning your trial into an paid subscription BEFORE the subscription expires.  That way, if you start another trial or purchase a subscription with a different account, you can re-validate without an issue.

See ya in the Cloud.

-Brett