Domains (sometimes referred to as namespaces) are the configuration objects that are used to reference groups of related objects managed by a single organization. Domains are typically names of some sort and are composed of two parts:
- Second level domain – Typically used to refer to the managing organization. For example, in fabrikam.com, fabrikam is the second-level domain name.
- Top-level domain – The top-level domain is used to group types of related second-level domains. You’re probably familiar with the most common top-level domains—the original seven are .com (commercial), .edu (educational institution), .gov (government), .mil (US military), .net (network), .us (intended for US citizens, residents, and organizations), and .org (a truncated form of organization, originally intended for second level domains that don’t fit anywhere else).
In the context of Exchange (and other mail systems), domains are used to identify where groups of related mailboxes and mail-enabled groups exist. Similar to Active Directory (and Azure Active Directory), domains in the Exchange realm are used for naming and locating objects. While on-premises Active Directory can only have one domain associated with it, Exchange (both on-premises and Online) can support multiple domains. These alternate domains are sometimes called aliased domains.
Exchange has two core types of domains: accepted and remote. Accepted domains are the domains that your environment owns and is responsible for. Remote domains are configuration objects that refer to domains outside your organization. Remote domains are typically used to manage certain delivery aspects of email, such as specifying particular message formats or preventing the forwarding of out-of-office replies.
Managing accepted domains
You typically configure accepted domains for each domain name that you own and want Exchange Online to manage. You can see the accepted domains in the Exchange admin center (https://admin.exchange.microsoft.com) under Mail flow | Accepted domains, as shown in Figure 11.1:
Figure 11.1 – Accepted domains page
Every domain you add as a verified domain in the Microsoft 365 admin center is automatically added to Exchange Online as an accepted domain. This integrated behavior is different from Exchange on-premises, where Active Directory domains and Exchange-accepted domains are managed independently.
Domains in Exchange Online can be one of two types:
- Authoritative – Exchange Online owns the domain and is the source of truth for what mail-enabled objects exist in the domain.
- Internal Relay – Recipients can exist either in the Exchange Online organization or in another environment (typically, a hybrid-connected Exchange Online environment). If a message recipient isn’t found in Exchange Online, messages are forwarded to other mail systems to attempt delivery.
Next, let’s look at managing remote domains.