The Domain and Defederation (from GoDaddy) Dilemma

britechguy

Those who've been reading some of the recent topics I've started know that I am working with a small local business (under 6 employees) to get their shop IT up to date. In recent weeks the decision was made to go the route of M365, and the client has an existing GoDaddy account (or so we thought, read on).

GoDaddy is indeed the domain name registrar for the business:

DomainDilemma.jpg

However, as you can see above, the actual business owner is not the owner of record for their own domain name. Everything related to the business, its storage topography, and website, email, etc., were set up years ago by a local tech who has retired due to ill health.

GoDaddy has two different accounts that relate to the domain - the one for the domain registration itself that also appears to hold something related to the single email address related to it, along with the one that I can get access to which has no subscriptions associated with it. What's even weirder is that if I log in to microsoft365.com using that single email address, I can see that Exchange Online (Plan 1) is associated with it, but it does not seem to have any connection to the GoDaddy account I can get to.

The original IT guy clearly never transferred domain ownership to the business owner, but he is not affiliated with the company in Arizona, either. We were able to reach him, briefly, by phone and he is going to dig through his records, as he admitted that the intention was to transfer ownership of that domain before he retired (but since he retired due to a major decline in health, and he was a one-man show, much clearly fell through the cracks).

GoDaddy has put us through a process to prove we are who we say we are in an attempt to regain ownership and control over the domain name.

Needless to say, with things in their current state the idea of defederating the GoDaddy M365 tenant has hit a wall. Now I'm in a wait state to see how GoDaddy responds, as they are squarely in the middle of the situation, whether they want to be or not. But I don't see any way out of this until the business owner has full control over his domain name and the registration at GoDaddy goes back to him.

I've never heard of Domains by Proxy, LLC, prior to today and don't hold much hope of getting assistance from them.

The kicker is that we have the invoices for the last domain renewal in 2021 for 3 years, as well as earlier invoices, too.

What a freakin' mess!
 
Going through a similar process with a small law firm client....prior IT guy fell off the face of the earth.

Have the peeps at the business go through this process...not terribly long, just some time they gotta invest...

Put any migrations or otherwise on PAUSE..until this is done. Granted...you can do the migration without having access to the DNS, but..."just in case something needs to be done in DNS"...and something can break...I'd put any other work on pause until this account is recaptured and you can log in and access everything.
 
I'd put any other work on pause until this account is recaptured and you can log in and access everything.

Oh, believe me, I have.

Went through the specific pages in the hierarchy referenced above for getting access to one's domain again. I've asked the owner to forward whatever GoDaddy sends as a reply, which can take up to 72 hours. I'm trying to make certain that all correspondence related to GoDaddy and this issue go through one of his own email accounts, not one of mine.

In addition, and I don't quite know how, we seem to have lost access to the Microsoft Account that is his PERSONAL (not business) account. And attempting to recover that via "the usual process" yielded nothing but, "you've not supplied enough information, try again."

[Addendum: At least I now have ROBOCOPY set up to back up the data on their WinServer2003 to the ioSafe drive they own. The initial run is taking a while, but I expect that subsequent runs will finish up in seconds, as most of the data is archival in nature rather than in active use.]
 
Domains By Proxy is Godaddy's wholly owned privacy service which is hiding the real owner. But the real catch is the old tech is the one who is actually listed as the owner. So he has to initiate the transfer. That being said I did have a similar situation some 10-15 years ago. A prior tech had registered the domain in his/her name then vanished. It was a lengthy process but I seem to remember that we were eventually able to gain ownership since they had formal documentation like articles of incorporation and tax documents. Also remember it all had to be done via fax.
 
Well, good news on this front: The owner of the domain was the former, retired IT guy and after the business owner contacted him he put in a request with GoDaddy for transfer of ownership right around the same time we put in a "give this to us" request, and the transfer is apparently already complete based on an email I got this morning.

Now the question will be whether everything is now "under one roof" as far as GoDaddy accounts go or whether the domain registration and (I'm guessing) M365 tenant where email was set up still sit in an account of their own, or whether a merger of the two accounts related to that domain/email address was performed. I have no idea how GoDaddy handles something like this. I guess I'll find out at the end of this week.
 
Domains are tied to a Godaddy account just like M365 purchased through Godaddy. Godaddy no longer offers IMAP email, only Exchange so any Godaddy email will be M365. In fact when you set up an email service with Godaddy they offer you basic Exchange with 10gb, Exchange with 50gb, or full M365 with apps. As long as it's the same account they'll both be there. In the case of Exchange you'll log into Godaddy's SSO which will pass you on to Exchange for another log in.

If you've not already done so I'd get them to set you up as an admin. You'll log into your regular Godaddy account, then Account Settings, choose Delegate Access. My rights are Domains, Products, and Purchases.
 
@Markverhyden

What I was trying to say is that on the call with GoDaddy they made very clear that the GoDaddy account that was associated with the domain name registration and email service for the one email address was separate from the other one, which we could log into using that one email address. Very strange. The account we did (and do) have access to could, effectively, be jettisoned, I suppose, but I'm hoping that GoDaddy may have merged the whole ball of wax into one single GoDaddy account as part of the domain's change of ownership (to its rightful owner).

Part of the defederation was going to be setting up an unlicensed user as global admin in the M365 tenant for the business owner himself (which he will not likely even use, but I always want the owner to have that capability) and we've discussed having my own business email address added in as an unlicensed user for the same purpose (or else creating a faux email address for me). I've got to believe that "the real M365 tenant" was part of that other account, as what we had access to under the account we could use showed what amounted to a ghost town in the tenant associated with it. And it became even more confusing, because using the sole email address, and logging in to Microsoft365.com, it does show there the Exchange Online, Plan 1. But if that's how that email address came into being, I guess it would be part of Microsoft 365. It may even have been plain Microsoft.com we logged in to - the way Friday went certain details are blurry.

Dealing with GoDaddy so far has been, for me, an unpleasant experience. They essentially did not wish to give any substantive help in trying to get the domain name transferred to its rightful owner, and had the owner of record not gotten involved, I imagine this could have dragged on for who knows how long. I just wonder what happens if, as their request forms have a radio button for, the owner of the domain is deceased? It certainly can't be something that "just doesn't happen" and were a business owner to die, and someone else take over the business, the domain name is a business asset. It's got to "go with."

I've had much better service from Namecheap.com, which is what I've used for years as my domain name registrar. I started out with Yahoo but ditched them at the first renewal cycle because their prices were ridiculous. On the few occasions I've had to deal with Namecheap customer support, either by phone or email, they've been prompt and helpful. But right now I'm not going to focus on extrication from GoDaddy overall until we get the tenant defederated, M365 set up, and get GoDaddy to get ProofPoint out of the picture after those first two things have been accomplished. Then we'll think about whether to go elsewhere as far as domain name registrar (and email records, I think, though those may be managed in the tenant). I know that email records are incomplete for that domain when I checked via mxtools.com.
 
Yeah they are unpleasant, but try dealing with Cisco.

It wouldn't be such a problem, but every time I think I am done, I have another dead Cisco 9300 Series switch needing an RMA.
 
Yeah they are unpleasant, but try dealing with Cisco.

It mystifies me as to why any entity thinks that customer service that stonewalls (or works strictly from a script, rather than listening to the person on the phone as to whether they may already be at least halfway into the steps of the script before picking where to start) is a good thing.

In the case of GoDaddy, they kept saying that we didn't own the domain and they couldn't give us any information about who did. OK, so I get that, as far as saying, "It's owned by . . . and here's their contact information." But as the actual domain name registrar you do know who this is, and you need to have a mechanism in place to establish communication between the two parties when something like this occurs. The rep kept insisting that they had no way to do that. Well, then when I went to the website @YeOldeStonecat mentioned and went through the process, part of that includes GoDaddy giving a URL that allows you to send a message from yourself to the owner of record through an anonymous system, which I did. Had that rep, at the outset, said, "We cannot give you this information but we have a process you can use to try to gain ownership, and part of that includes an option to reach out to the owner of record without knowing who they are on your end," the situation would have been resolved, then and there. But, no, they kept hemming and hawing and, clearly, not knowing what to do and putting us on hold until I lost my temper, big time, and it takes a lot to push me to that point. If you, as an entity, have control over "all parts of the problem" then you had damned well better consider that being the entity that's central to solving the problem falls on you, because without your assistance it cannot be solved, period.

Now I get to see whether what had once been two separate accounts, one for domain ownership and the other for I can't quite figure out what now, will be merged so that everything is now in one place. If not, then GoDaddy is going to have to make sure that we gain access to the account that controls the domain, as we've never had that, and now that ownership is being transferred we're going to have to have that.

I am not sanguine that this will be handled with grace.
 
Well, now the latest bit in the saga. It's taken 2 weeks (and mostly the business owner's effort dealing with GoDaddy) but it's now official that the company's domain name is owned by him and there is one account rather than two.

Something that didn't register for either one of us at the outset was that the name servers for his email (the ns1 and ns2 entries shown in my initial post) are actually custom nameservers owned by the now retired tech who set all this stuff up years ago (and apparently still running) and from whom we wrested the domain ownership, with his cooperation. Now, when logging in to the GoDaddy account you get a stippled red warning banner saying that there's an incorrect SPF record and saying we need to update it. Of course, since the name servers in use don't belong to GoDaddy, we can't. So now we're trying to figure out if we can just have GoDaddy's nameservers take this over or not, then update the SPF record.

Of course all this makes me wonder how all this plays in to the defederation of the M365 tenant from GoDaddy, which I still want to do.

Right now, the admin ID for the tenant is the client's email and password, and we can log in via GoDaddy, but the classic "almost everything an admin would like to do is hidden" situation still exists.

One thing that will thrill some here, and that I have no intention of trying to undo, is that GoDaddy sold the client an M365 Business Premium subscription, but he was under the misunderstanding that since you could install on up to 5 machines, that meant that "anyone" could use the software rather than it all being tied to his account. I think he's clear now that each license is tied to a human user, and each of those human users will have the right to use multiple devices with their subscriptions. I think he's also clear now that in order to form Teams under teams you have to have multiple licenses within the tenant, one for each team member.

One thing I found really peculiar and unexpected today is that somehow the "local teams app" (for lack of a better way of putting it), the one that before installing M365 Business is what you'd have if you had no M365 subscription or Family/Individual, still fires up that way, and you can see that in the icon in the taskbar (as opposed to system tray, which is always business) but after a second or two the shield color changes to the one appropriate to business and that's what's logged in for the desktop app.

I'm still having nightmares with dealing with the Win Server 2003 instance from this machine while we're not yet set up with OneDrive. All mapped drives show up under This PC, but not under Network. Even stranger is that a ROBOCOPY script I wrote to back up the Win Server 2003 to a local ioSafe device is now refusing to recognize the drive letter for the server, even though it is clearly visible in File Explorer under This PC and all files can be accessed there. This was not the case when I last left about 2 weeks ago, and the Y: drive was known in command prompt, too. I only wish I had set this machine up at the outset using a personal MS account (the owner's) rather than trying his business account. The other two machines that I set up this way are having zero issues with connecting to the Win Server 2003 after SMB1 is enabled.
 
Right now, the admin ID for the tenant is the client's email and password, and we can log in via GoDaddy, but the classic "almost everything an admin would like to do is hidden" situation still exists.
What do you see when you do a whois for the domain? If that email is the true account name it should show everything. Try this to see what you get. Open a browser private page, get to the login page. Instead of logging in you should have a hyperlink to forgot username. Click on that and type in the customer's email address. You'll get an email with the login. I say that because my Godaddy login is not an email address.

Now, when logging in to the GoDaddy account you get a stippled red warning banner saying that there's an incorrect SPF record and saying we need to update it. Of course, since the name servers in use don't belong to GoDaddy, we can't. So now we're trying to figure out if we can just have GoDaddy's nameservers take this over or not, then update the SPF record.
If you haven't already figured it out: in my login I go to Domain Portfolio, check the box for the domain in question, get a popup at the bottom of the screen that includes Nameservers. Popup will let you change the name servers to Godaddy.

Of course all this makes me wonder how all this plays in to the defederation of the M365 tenant from GoDaddy, which I still want to do.
If you're talking about removing Godaddy from the equation I don't think you can since M365 was purchased from. All my Godaddy M365 customers can only access login.microsoftonline.com via Godaddy's SSO.
 
@Markverhyden

With regard to point one, we now have "Domain" for his domain showing up in his GoDaddy account. That was not the case previously, when it was owned by his former tech guy.

With regard to point two, this is precisely the stage I got to yesterday, but I did not want to just change to GoDaddy's nameservers without doing "my due diligence" about doing so beforehand, part of which was posting here to ask about this. If it's perfectly safe to do this, then it looks like "a click of a button" will allow for that and all will be well. I should then be able to edit the SPF record, etc.

With regard to point three, it's been discussed here, and those who've done it say that GoDaddy must agree to allow defederation from their ecosystem and back to Microsoft's for any M365 tenant upon request. And that's still what I intend to do so that I will finally have access to the full M365 administrative suite (which happens to also make dealing with getting data uploaded much easier, among many other things). If anyone knows that this has changed, it's not been mentioned here. In fact, several have commented that now GoDaddy has to handle the defederation process for you (the client) upon request as opposed to "the old way" where the client had to do virtually all of it themselves.
 
With regard to point one, we now have "Domain" for his domain showing up in his GoDaddy account. That was not the case previously, when it was owned by his former tech guy.
Sorry I misread the original comment. You're talking about M365 and for some reason I thought it was the domain.

With regard to point two, this is precisely the stage I got to yesterday, but I did not want to just change to GoDaddy's nameservers without doing "my due diligence" about doing so beforehand, part of which was posting here to ask about this. If it's perfectly safe to do this, then it looks like "a click of a button" will allow for that and all will be well. I should then be able to edit the SPF record, etc.
Changing the name servers does not bring over the DNS records. It creates a root record, may include other default records depending on the DNS provider. Everything else, including MX, TXT (which is what an SPF, etc is), etc will need to be re-entered. Just did this a couple of weeks ago. Even if the old tech gave you a list I'd check the domain at dnschecker.org, or similar site, to get the various records.

With regard to point three, it's been discussed here, and those who've done it say that GoDaddy must agree to allow defederation from their ecosystem and back to Microsoft's for any M365 tenant upon request. And that's still what I intend to do so that I will finally have access to the full M365 administrative suite (which happens to also make dealing with getting data uploaded much easier, among many other things). If anyone knows that this has changed, it's not been mentioned here. In fact, several have commented that now GoDaddy has to handle the defederation process for you (the client) upon request as opposed to "the old way" where the client had to do virtually all of it themselves.
I forgot it's just changing the tenant host.
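
The pre-cutover check this post describes, as an added example that is not part of any post in the thread: snapshot the records the old nameservers publish, then list what the freshly created zone at the new DNS host still lacks, ignoring TTLs. The domain `example.com`, the host names queried, the nameserver name in the usage comment and every sample record are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). All sample data below is constructed.

# Reduce raw "dig +noall +answer" lines to "name TYPE value" so TTL and class
# differences do not show up as changes. Runs of spaces in values collapse.
normalise() {
    awk 'NF >= 5 && $1 !~ /^;/ {
        val = $5
        for (i = 6; i <= NF; i++) val = val " " $i
        print tolower($1), $4, val
    }' | LC_ALL=C sort -u
}

# Ask one nameserver directly for the usual mail/web records of a domain.
# A zone cannot be listed without a zone transfer, so the host names probed
# here are an assumed starting list; extend it with anything the site uses.
# usage: snapshot_zone ns1.old-host.example example.com > old-zone.txt
snapshot_zone() {
    for name in "$2" "www.$2" "autodiscover.$2" "_dmarc.$2"; do
        for type in A AAAA CNAME MX TXT; do
            dig +noall +answer "@$1" "$name" "$type"
        done
    done
}

# Records present in the old snapshot but absent from the new one.
# usage: missing_records <old_snapshot> <new_snapshot>
missing_records() {
    old_n=$(mktemp); new_n=$(mktemp)
    normalise < "$1" > "$old_n"
    normalise < "$2" > "$new_n"
    LC_ALL=C comm -23 "$old_n" "$new_n"
    rm -f "$old_n" "$new_n"
}

# Number of SPF policies (TXT records starting v=spf1) at the domain apex.
# Receivers expect exactly one; zero or several both need fixing.
# usage: spf_count <snapshot> <domain>   (domain in lower case)
spf_count() {
    normalise < "$1" | awk -v n="$2." \
        '$1 == n && $2 == "TXT" && $3 ~ /^"?v=spf1/ { c++ } END { print c + 0 }'
}

# --- constructed sample snapshots so the comparison runs offline ---
OLD=$(mktemp); NEW=$(mktemp)
trap 'rm -f "$OLD" "$NEW"' EXIT

# What the previous (custom) nameservers answered.
cat > "$OLD" <<'EOF'
example.com.              3600 IN A     192.0.2.10
www.example.com.          3600 IN CNAME example.com.
example.com.              3600 IN MX    10 mail.example.net.
example.com.              3600 IN TXT   "v=spf1 include:spf.example.net -all"
autodiscover.example.com. 3600 IN CNAME autodiscover.outlook.com.
EOF

# What a newly created zone with only default records answers.
cat > "$NEW" <<'EOF'
example.com.              600  IN A     203.0.113.5
www.example.com.          600  IN CNAME example.com.
EOF

echo "Records to re-enter before switching nameservers:"
missing_records "$OLD" "$NEW"
echo "SPF records in old zone: $(spf_count "$OLD" example.com)"
echo "SPF records in new zone: $(spf_count "$NEW" example.com)"
```

An empty list from `missing_records` against live snapshots of both sets of nameservers is the point at which the switch no longer changes what the domain publishes.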
 
You're talking about M365 and for some reason I thought it was the domain.

No, you were right. Both issues were at play. One of the first "rotten layers" in the onion was the realization that the former tech had dropped the ball as far as transferring actual ownership of the client's domain to the client. Both were surprised when I discovered this oversight, as both had believed it had happened at the time of the other tech's retirement due to health reasons several years ago. It just hadn't. His cooperation in telling GoDaddy just to "hand it over" made the process much easier than it would have been had he either been deceased or refused to cooperate in the transfer.

With regard to the email, I don't give a flying rat's patootie whose nameservers are taking care of things, but I do want to get his various email records as they should be. Right now, even though GoDaddy is giving the warning about SPF, there's nothing I can do unless it's GoDaddy's nameservers being used. So if there's little to no chance of email suddenly just stopping due to change of nameserver, that's what I'll end up doing. It's clear that the other housekeeping with regard to email has never been attended to correctly. But I also know that GoDaddy has its own arrangement with some spam filtering intermediary (I know the name starts with P, and has another P in the middle, but I'm having a mental block with PowerPoint right now) that I also need to extricate him from, too, but that can be after we defederate the M365 tenant.
 
With regard to the email, I don't give a flying rat's patootie whose nameservers are taking care of things, but I do want to get his various email records as they should be. Right now, even though GoDaddy is giving the warning about SPF, there's nothing I can do unless it's GoDaddy's nameservers being used. So if there's little to no chance of email suddenly just stopping due to change of nameserver, that's what I'll end up doing.
True it doesn't have to be Godaddy but it has to be someplace you can access to manage records. Years ago I used zoneedit.com because you could register up to 5 domains no charge to include DNS records. Since I was hosting my own servers it was perfect. But, like so many other things, it's no longer free but they did grandfather in my 5 domains. My preference is to have the name servers with the domain registrar since it's all available in a single pane of glass. In theory there can't be any interruption in email since you will be using the same values for each record. Other than the publisher there is no change.
 
My preference is to have the name servers with the domain registrar since it's all available in a single pane of glass

Same here, when I was last dealing with this. I have used namecheap.com as my domain name registrar almost since I first put up my website (had yahoo for the first year, and then they did the then-typical thing of jacking up the price by an outrageous amount) and I am toying with the idea of ultimately transferring his domain to them. It's less expensive and I am having less and less love for GoDaddy. I've never had anything but good experiences with namecheap tech support on the few occasions I've needed it. GoDaddy has been the exact opposite.
 
Well, I'm off to change those name servers and ::shudder:: attempt to get the M365 tenant defederated from GoDaddy (or at least get it in the queue for that - my understanding is that it usually takes several business days once they agree).
 
I'm looking at the instructions for it, and it seems you can do it all yourself without engaging GoDaddy support at all.

BUT... it requires a specific admin account you pull from the GoDaddy user list, AND the ability to connect to M365 via Powershell and run a script. If all of that isn't something you want to do, then yeah... you wait for GoDaddy to defederate for you.

That being said, it's still a superior process to waiting for GoDaddy to drop the domain off the tenant so you can slap it on a new one, that mess is even worse!
 
I'm looking at the instructions for it, and it seems you can do it all yourself without engaging GoDaddy support at all.

While I have no doubt that's true (and GoDaddy Support stated as much) they do have a defederation process, which we have begun.

This is supposed to take 10 business days, max, depending on how many are "in the stack" and how quickly they work through them. I expect it will be sooner. I'd rather not botch something, let them botch it.

One thing that surprises me is that, once the tenant is defederated, we have only 6 days to get in there and buy new licenses (not that this is a big deal). I would never have thought that Microsoft would allow an M365 license purchased through a reseller to be pulled, but apparently they do and that's what GoDaddy does. Since we have nothing in that tenant as far as data goes, and the email bits are already going right along with it, it makes no difference if we need to start afresh with a new "purchased from Microsoft" M365 subscription. Then I'll get the other three seats that are needed, too.

We seem to be getting email just fine after the name server changeover to use GoDaddy's name servers. While we were on the phone the email records were updated and the DNS record for the website as well. The website was offline for a while, but in checking now things appear to have propagated out and I can load it without issue.

Next stop: Transfer the data from the WinServer2003.

I still really don't get why MS does not make clear how much storage you have under SharePoint. It does not seem to be a part of the 1TB per user setup for M365 business (any variety) and also appears to be quite substantial, based on what's been said here. I'm just looking forward to being able to get into the admin portal to actually be able to control things.
 
I call GoDaddy with the number my vendor gives me, then I am firm and don't take their crap, defed and get off the call. Wait a week and it's yours.
 