When performing migrations or directory synchronization with Microsoft 365, you may encounter the error:
“The new domain was not authorized to synchronize with the Microsoft 365 tenant.”
This error indicates that the domain you are attempting to use for login names, email addresses, or UPNs is not recognized as a verified domain within the Microsoft 365 tenant. Microsoft requires all domains involved in authentication or mail delivery to be properly added, verified, and authorized before they can be used.
Domain not added to the tenant: The domain has not been added via the Microsoft 365 Admin Center.
Domain added but not verified: Verification requires adding a DNS TXT record to prove ownership. Until verified, the domain cannot be used for synchronization.
Domain is still attached to another tenant: A domain can only be verified in a single Microsoft 365 tenant at a time. If the domain has not been fully removed from the previous tenant, synchronization will be blocked.
UPN or email domain mismatch: If objects are synchronized with an unverified UPN suffix, Microsoft 365 rejects them.
Domain Sharing or Email Rewrite Service not configured (Quest ODM scenarios): Unified email domains across two tenants require Domain Sharing to be enabled before sync occurs.
Add the domain to the Microsoft 365 tenant.
Verify the domain by adding the required TXT DNS record.
Remove the domain from any other tenant (if applicable).
Ensure UPN suffixes in Active Directory match a verified M365 domain.
In Quest ODM migrations, configure Domain Sharing and ensure applicable subscriptions are active.
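A pre-sync check for the UPN and email domain steps above, as an added example that is not part of the original article or any vendor tooling. It assumes the ActiveDirectory (RSAT) and Microsoft.Graph.Identity.DirectoryManagement modules are installed and that the signed-in account can consent to Domain.Read.All; the helper name Get-DomainPart and the CSV file name are hypothetical.

```powershell
# Added example: list AD users whose UPN or SMTP addresses use a domain
# that is not verified in the Microsoft 365 tenant. Read-only on both sides.
Import-Module ActiveDirectory
Connect-MgGraph -Scopes 'Domain.Read.All'

# Domains known to the tenant, split by verification state (exact-name match only).
$tenantDomains = Get-MgDomain -All
$verified   = @($tenantDomains | Where-Object { $_.IsVerified }      | ForEach-Object { $_.Id.ToLowerInvariant() })
$unverified = @($tenantDomains | Where-Object { -not $_.IsVerified } | ForEach-Object { $_.Id.ToLowerInvariant() })

function Get-DomainPart([string]$Address) {
    # Hypothetical helper: lower-cased text after the last '@', or $null if absent.
    $at = $Address.LastIndexOf('@')
    if ($at -lt 0 -or $at -eq $Address.Length - 1) { return $null }
    $Address.Substring($at + 1).ToLowerInvariant()
}

$users = Get-ADUser -Filter 'Enabled -eq $true' -Properties UserPrincipalName, proxyAddresses
$findings = foreach ($user in $users) {
    # Collect every address on the object that the tenant would have to accept.
    $candidates = @()
    if ($user.UserPrincipalName) {
        $candidates += [pscustomobject]@{ Kind = 'UPN'; Value = $user.UserPrincipalName }
    }
    foreach ($proxy in $user.proxyAddresses) {
        if ($proxy -match '^smtp:') {   # matches primary (SMTP:) and secondary (smtp:) entries
            $candidates += [pscustomobject]@{ Kind = 'SMTP'; Value = $proxy.Substring(5) }
        }
    }
    foreach ($c in $candidates) {
        $domain = Get-DomainPart $c.Value
        if (-not $domain -or $verified -contains $domain) { continue }
        [pscustomobject]@{
            SamAccountName = $user.SamAccountName
            Kind           = $c.Kind
            Value          = $c.Value
            Domain         = $domain
            TenantState    = if ($unverified -contains $domain) { 'Added, not verified' } else { 'Not in tenant' }
        }
    }
}

# Summary per domain first, then the per-object detail for remediation.
$findings | Group-Object Domain, TenantState | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
$findings | Export-Csv -Path .\unverified-domain-objects.csv -NoTypeInformation
```

A domain reported as "Not in tenant" may still be attached to another tenant; this check cannot see that and only reflects the tenant you connected to.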
This error simply means that Microsoft 365 does not yet trust the domain you are using.
Once the domain is properly added and verified (or removed from another tenant), synchronization will work as expected.