Get the value of the DKIM record for a Domain, using PowerShell | Office 365 | Part 7#10 5/5 (2) 10 min read

The task of getting the value of the DKIM records for a specific domain name in Office 365 based environment, can be described as a “challenging task, ” because, at the current time, there is no “user-friendly” graphic interface that can provide us the information that we need.

The only way for getting the required DKIM host name records is, by implementing a “manual calculation (which was reviewed in a former article) or, by using a PowerShell command that will get us the required DKIM host names.

The additional challenge that stands before of us is, that the PowerShell command that we use, provide only a “partial information” about the Hostnames that we will need to use for creating the required DKIM CNAME records.

To make your life easier, I have written a small PowerShell script , that will “fetch” the required data about the DKIM host names and present the information in a more user-friendly way.

Getting the information about the DKIM CNAME in Office 365

A quick reminder about the implementation of DKIM in Office 365 and the “structure” of CNAME record.

In Office 365 based environment, we need to create two CNAME records, that will be used for outbound DKIM signing for a specific domain name that is hosted at Office 365.

Any CNAME record consists of “two parts”:

  • Part 1#2 – The host name whom the DNS client asks about.
  • Part 2#2 – The “additional host name” to which the DNS client will be redirected.

Generation 1#3

When I wrote the current article series about the – “DKIM infrastructure in Office 365,” the only way that was available for Office 365 customers to get the specific values that need to be configured in the DKIM CNAME records were – by using a long and exhausting process.

The solution was based on a process in which we need to use a “manual formula,” that was supposed to generate the required “values” (hostnames) that we need to use for the two “DKIM CNAME records.”

Note – If you are still interested in the method of – generating the required DKIM CNAME records by using the “Office 365 DKIM formula,” you can read the following article – Calculating manually the value of the Office 365 DKIM selector hostname | Part 6#10

Generation 2#3

Along the way, Microsoft decided to provide PowerShell cmdlets, that will enable us to “get” the required information about – the values that we need to use for the DKIM CNAME records (for our specific domain name).

This is a better solution versus the “manual calculation” of the “Office 365 DKIM formula” but the “PowerShell solution” is not perfect because the process sufferers from major drawback – the PowerShell output that we get, is related only to the “second part” of DKIM CNAME record.

In other words, the PowerShell output provides us only “half of the required information” that is needed for the purpose of – creating two CNAME records.

I believe that most of us would expect to get a more “clear” output that just says something
like: “dear sear \ lady, the DKIM CNAME records that you need to create will need to include the following values: X, Y, Z””

For this reason, I write a little PowerShell script that supposed to simplify the task of “fetching” the required information about the – content of the DKIM CNAME records per.

Generation 3#3

I believe that in the future, the “Office 365 guys,” will provide some “graphic interface,” that will help us to understand beater the exact syntax that we need to use for our DKIM CNAME records pair.


Option 1#2 - Getting the host name of Office 365 DKIM selector using PowerShell

To get the information about the Office 365 selectors host names for a specific domain name, we use the PowerShell command – Get-DkimSigningConfig.

It is important to emphasize that this PowerShell command will provide the information only about the “second part” of the CNAME record that we will need to create.

The PowerShell cmdlet - Get-DkimSigningConfig provide us only Half of the information

The PowerShell syntax that we need to use is as follows:

PowerShell command syntax

For example, in our scenario, we wish to get the information about the Office 365 DKIM selectors record that represents the domain name – o365pilot.com, we use the following syntax:

PowerShell console output example

In the following screenshot, we can see the result of the PowerShell
command Get-DkimSigningConfig
Get information about DKIM CNAME record – Office 365 Get-DkimSigningConfig -01

In our specific example, the “second part” of the two DKIM CNAME records that we need to create will redirect DKIM DNS queries to the following host names:

selector1-o365pilot-com._domainkey.o365info2.onmicrosoft.com
selector2-o365pilot-com._domainkey.o365info2.onmicrosoft.com

The “first part” of the Office 365 DKIM record

Notice that the “complete” syntax for the DKIM CNAME record includes two parts.

As mentioned, the PowerShell command Get-DkimSigningConfig, provide us only the “second part” of the DKIM CNAME record.

The “first part” of the Office 365 DKIM record is a “fixed value,” that we use for all the public domain and its used by every Office 365 tenants.

For example, in a scenario in which we need to define the “first part” of the CNAME records, for the domain name – o365pilot.com, the syntax will be implemented as follows:

First CNAME record The “first part” of the “first Office 365 DKIM CNAME record” is always – Selector1._domainkey.

The FQDN (Fully Qualified Domain Name) of the host in our example will be:

Selector1._domainkey.o365pilot.com

Second CNAME record The “first part” of the “second Office 365 DKIM CNAME record” is always –Selector2._domainkey.

The FQDN (Fully Qualified Domain Name) of the host in our example will be:

Selector2._domainkey.o365pilot.com

The two parts of Office 365 DKIM CNAME records


Option 2#2 - How to use the – “Show my Office 365 CNAME DKIM records” PowerShell script

To make this task more user-friendly, I have created a simple menu based PowerShell script, that will “fetch” the information about the required syntax for an Office 365 DKIM CNAME record (for a specific domain name), and display the information in a convenient way to understand.

Running the Show my Office 365 CNAME DKIM records” PowerShell script

We will run the menu based PowerShell script – “Show me CNAME DKIM records,” by using standard PowerShell console.

First-time configurations

In case that this is the first time that you run a PowerShell script, you will need to “allow” PowerShell console to run a PowerShell script.

  1. Right click on the PowerShell console icon, and select the menu “Run as Administrator
  2. Copy and paste the following command – Set-ExecutionPolicy Unrestricted –force
  3. From the PowerShell console, you will need to “call” the dkim.ps1 PowerShell script.

Step 1#2 – login to Exchange Online using remote PowerShell session

To initialize the remote PowerShell session to Exchange Online, select the menu option “1
( 1) Login to Exchange Online using Remote PowerShell)

Export information about Office 365 CNAME DKIM records using a PowerShell script -01

Provide your Office 365 Global Administrator credentials

Get information about DKIM CNAME record – Office 365 Get-DkimSigningConfig -02

Step 2#2 – display and export information about Office 365 DKIM CNAME records for a specific domain name.

Select menu option number “2” (the menu named – 2)
(2) View and export information on the DKIM host name record for a specific Domain name)

Get information about DKIM CNAME record – Office 365 Get-DkimSigningConfig -03

You will need to provide the specific domain name.

This is the “domain name,” for which we need to get the information about the Office 365 DKIM CNAME record hosts names.

In our example, the domain name is – o365pilot.com

Get information about DKIM CNAME record – Office 365 Get-DkimSigningConfig -04

The information about the Office 365 DKIM CNAME record hosts names is:

  1. Displayed on the PowerShell console.
  2. Exported to files to a new folder named- INFO\DKIM Record Settings that will be created on Drive C:

In the following screenshot, we can see the result.

The information displayed on the PowerShell console, describe the host names whom we need to define for the two DKIM CNAME records.

Get information about DKIM CNAME record – Office 365 Get-DkimSigningConfig -05

In the following screenshot, we can see the new INFO folder that was created.

The files are stored in the folder named – DKIM Record settings.

Export information about Office 365 CNAME DKIM records using a PowerShell script -06

We can see that the information is stored in a TEXT file + HTML file.

Using an HTML file enables us to understand better the specific host name that we need to create because the information includes a screenshot.

Export information about Office 365 CNAME DKIM records using a PowerShell script -07

In the following screenshot, we can see the structure of the HTML file.
The HTML file includes the required information for the two DKIM CNAME records that we will need to create.

Export information about Office 365 CNAME DKIM records using a PowerShell script -08

In the following screenshot, we can see the result for the domain name that we provide (o365pilot.com in our example).

Part A – this is the “first part” of the DKIM CNAME record that we need to publish.

In our specific example, the first part of the DKIM CNAME record is the host name – Selector1._domainkey.

Part B – this is the “second part” of the DKIM CNAME record that we need to publish.

In our specific example, the second part of the DKIM CNAME record is the host name –

selector1-o365pilot-com._domainkey.o365info2.onmicrosoft.com.

Part C – this is just a “sample” screenshot, that demonstrates the structure of a “standard CNAME record”, and the “locations” which we need to use for “entering” the specific host names.

Export information about Office 365 CNAME DKIM records using a PowerShell script -09

The DKIM menu based PowerShell script.

The DKIM menu based PowerShell script, include additional options.

For example, by using the menu option “3” (the menu named – 3) (3) View and export information about the DKIM host name record for ALL Domain names), we can view and export information about the Office 365 DKIM CNAME record, for all the existing domain names, including the onMicrosoft domain names.

Export information about Office 365 CNAME DKIM records using a PowerShell script -10-

In the following screenshot, we can see the results.

Export information about Office 365 CNAME DKIM records using a PowerShell script -11

The next step

The next step is creating the required DNS CNAME records.

In the next article, you can find a step by step guide that will walk you through the process.

Download the “Show me my DKIM host name record” PowerShell script

For your convenience, I have “Wrapped” all the PowerShell commands that were reviewed in the article,
in a “Menu Based” PowerShell Script.

You are welcome to download the PowerShell script and use it.
Download -o365info PowerShell Script

DKIM Powershell Script
In case you want to get more detailed information about how to use the o365info menu PowerShell script, you can read the following article

Now it’s Your Turn!
It is important for us to know your opinion on this article

Restore Exchange Online mailbox | Article series index

Print Friendly

Related Post

Please rate this

Eyal Doron on EmailEyal Doron on FacebookEyal Doron on GoogleEyal Doron on LinkedinEyal Doron on PinterestEyal Doron on RssEyal Doron on TwitterEyal Doron on WordpressEyal Doron on Youtube
Eyal Doron
Share your knowledge.
It’s a way to achieve immortality.
Dalai Lama

Leave a Reply

Your email address will not be published. Required fields are marked *