Error when you try to use the New-MSOLDomain command to add a subdomain to an existing domain: New-MsolDomain: Unable to add this domain

Original product version:   Cloud Services (Web roles/Worker roles), Microsoft Entra ID, Microsoft Intune, Azure Backup, Office 365 User and Domain Management, Office 365 Identity Management
Original KB number:   2666578

Symptoms

You try to add a subdomain to an existing domain in a Microsoft cloud service such as Office 365, Microsoft Intune, or Microsoft Azure by using the New-MSOLDomain command. However, you receive the following error message:

New-MsolDomain: Unable to add this domain. It is a subdomain and its authentication type is different from the authentication type of the root domain.

Note

Azure AD PowerShell is planned for deprecation on March 30, 2024. To learn more, read the deprecation update.

We recommend migrating to Microsoft Graph PowerShell to interact with Microsoft Entra ID (formerly Azure AD). Microsoft Graph PowerShell allows access to all Microsoft Graph APIs and is available on PowerShell 7. For answers to common migration queries, see the Migration FAQ.

Cause

This issue occurs if you try to use the New-MSOLDomain command to add a subdomain to an existing domain that's set up for federated authentication. The New-MSOLDomain command tries to add the subdomain as a standard authentication domain.

Resolution

To add a subdomain to a domain that's set up for federated authentication, follow these steps:

  1. Connect to Microsoft Entra ID by using Windows PowerShell. For more information, see Connect to Microsoft Entra ID Using Windows PowerShell.

  2. Use the New-MSOLFederatedDomain command.

    The syntax to add a subdomain is as follows, where <subdomain> is the name of the subdomain that you want to add:

    New-MSOLFederatedDomain -DomainName:<subdomain>
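
A pre-check for the steps above, as an added example (not part of the original article and not Microsoft's code): it reads the authentication type of the registered parent domain with Get-MsolDomain and picks the matching cmdlet, so a subdomain is never submitted as a standard authentication domain under a federated root. The function names Get-ParentDomain and Add-Subdomain and the domain corp.contoso.com are hypothetical; the MSOnline module and an account allowed to manage domains are assumed.

```powershell
# Added example. Assumes the MSOnline module is installed.
# 'corp.contoso.com' is a placeholder subdomain.

function Get-ParentDomain {
    param(
        [Parameter(Mandatory)] [string]   $SubdomainName,
        [Parameter(Mandatory)] [object[]] $TenantDomains
    )
    # Pick the longest registered domain that is a proper suffix of the subdomain,
    # so a.b.contoso.com resolves to b.contoso.com when both levels are registered.
    $TenantDomains |
        Where-Object { $SubdomainName -like "*.$($_.Name)" } |
        Sort-Object { $_.Name.Length } -Descending |
        Select-Object -First 1
}

function Add-Subdomain {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)] [string] $SubdomainName)

    $parent = Get-ParentDomain -SubdomainName $SubdomainName -TenantDomains (Get-MsolDomain)
    if (-not $parent) {
        throw "No registered parent domain found for '$SubdomainName'."
    }
    Write-Verbose "Parent '$($parent.Name)' uses $($parent.Authentication) authentication."

    if ($parent.Authentication -eq 'Federated') {
        # Federated parent: New-MsolDomain would fail with the error in Symptoms.
        # New-MsolFederatedDomain also needs to reach AD FS: run it on the primary
        # AD FS server or set the context first with Set-MsolADFSContext.
        if ($PSCmdlet.ShouldProcess($SubdomainName, 'New-MsolFederatedDomain')) {
            New-MsolFederatedDomain -DomainName $SubdomainName
        }
    }
    else {
        # Managed (standard authentication) parent.
        if ($PSCmdlet.ShouldProcess($SubdomainName, 'New-MsolDomain')) {
            New-MsolDomain -Name $SubdomainName
        }
    }
}

Connect-MsolService
# -WhatIf reports which cmdlet would run without changing the tenant.
Add-Subdomain -SubdomainName 'corp.contoso.com' -Verbose -WhatIf
```

Remove -WhatIf once the reported cmdlet matches the authentication type you expect for the parent domain.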
    
