While running the Hybrid Configuration Wizard for an Exchange/Office 365 hybrid deployment one of the steps involves adding TXT records to your DNS zones to prove ownership of the domains being configured for federation.
There’s a particular DNS host in Australia that I keep encountering that has a bug in their control panel. The TXT records often contain “+” characters, which this control panel bug removes. It’s not the sort of thing that is easy to spot when you’re squinting at your laptop screen, so I ended up writing a script to check it for me.
Download Test-FederatedDomainProof.ps1 from Github.
This PowerShell script is very simple to use. It requires the Exchange Management Shell, and you simply tell it which domain name you want to test and the script will query a Google DNS server for the TXT records for that domain and compare it to the string that is generated as the federated domain proof.
When the script runs you’ll simply see a green or red message at the end indicating success or failure.
Because of the way the proof string is generated you should run the script from within the Exchange organization that owns the domain.