To verify a domain in AAD, first remove it from Office 365! Sigh!
My advice is NOT to use the console, which has a particular verification procedure (based on adding a TXT record). In PowerShell, create a federated-class domain, get the (other, particular style of) validation information done, and then, and only then, verify the site. At the same time, one gets to set up the endpoint that allows Azure AD to talk back to ADFS for passive and active reasons.
Using the managed account to log in to AAD via the PowerShell tool, now add a user (and their unique ImmutableId/UPN).
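
The sequence above, written out with the MSOnline PowerShell module as an added example (not the commands from the original post). The domain, ADFS host name, certificate path, user and GUID are placeholders, and deriving the ImmutableId from the on-premises objectGUID is an assumption about how the ADFS claim is issued.

```powershell
# Added example. All names, URLs, paths and the GUID below are placeholders.
Import-Module MSOnline

# Sign in with a managed (cloud-only) admin, so the login itself does not
# depend on the federation that is about to be configured.
Connect-MsolService -Credential (Get-Credential)

$domain = 'example.com'               # placeholder domain
$sts    = 'sts.example.com'           # placeholder ADFS farm name

# 1. Create the domain as Federated from the start (not via the console).
New-MsolDomain -Name $domain -Authentication Federated

# 2. Get the DNS record Azure AD expects (-Mode DnsMxRecord is the alternative).
Get-MsolDomainVerificationDns -DomainName $domain -Mode DnsTxtRecord | Format-List
Read-Host 'Publish the record in DNS, wait for it to resolve, then press Enter'

# 3. Verify the domain and hand over the ADFS endpoints in the same call.
#    The certificate is the exported ADFS token-signing certificate (public part only).
$cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 'C:\temp\adfs-token-signing.cer'
Confirm-MsolDomain -DomainName $domain `
    -FederationBrandName 'Example Corp' `
    -IssuerUri           "http://$sts/adfs/services/trust" `
    -PassiveLogOnUri     "https://$sts/adfs/ls/" `
    -ActiveLogOnUri      "https://$sts/adfs/services/trust/2005/usernamemixed" `
    -MetadataExchangeUri "https://$sts/adfs/services/trust/mex" `
    -LogOffUri           "https://$sts/adfs/ls/" `
    -SigningCertificate  ([Convert]::ToBase64String($cer.GetRawCertData()))

# 4. Add a user. The ImmutableId must equal the value ADFS sends in its
#    ImmutableID claim; here assumed to be the base64 of the AD objectGUID.
$objectGuid  = [Guid]'11111111-2222-3333-4444-555555555555'   # constructed sample
$immutableId = [Convert]::ToBase64String($objectGuid.ToByteArray())
New-MsolUser -UserPrincipalName "alice@$domain" -DisplayName 'Alice Example' `
    -ImmutableId $immutableId

# 5. Check the result: the domain should show Verified / Federated, and the
#    stored endpoints and signing certificate should match the ADFS farm.
Get-MsolDomain -DomainName $domain | Select-Object Name, Status, Authentication
Get-MsolDomainFederationSettings -DomainName $domain |
    Format-List IssuerUri, PassiveLogOnUri, ActiveLogOnUri, SigningCertificate
```

Comparing the `SigningCertificate` value returned in step 5 with the token-signing certificate on the ADFS farm is worth doing after every certificate rollover, since Azure AD trusts any token signed by whatever certificate is stored there.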