Getting Azure AD domain authentication information using PowerShell

This is a quick blog post with an example PowerShell cmdlet allowing you to find out what type of authentication and branding exists for a domain in Azure AD.

function Get-AzureADDomainInfoFromPublicApi
{
    [CmdletBinding()]
    [Alias()]
    Param
    (
        # Domain name to look up, e.g. microsoft.com
        [Parameter(Mandatory=$true,
                   ValueFromPipeline=$true,
                   Position=0)]
        [String] $Domain
    )

    Begin
    {
    }
    Process
    {
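        # The user part is an arbitrary placeholder; only the domain decides the realm.
        # Escape the domain so unexpected characters cannot alter the query string.
        $Url = "https://login.microsoftonline.com/common/userrealm/?user=someone.random@" + [uri]::EscapeDataString($Domain) + "&checkForMicrosoftAccount=true&api-version=2.1"
        Invoke-RestMethod -Uri $Url -Method Get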
    }
    End
    {
    }
}

Get-AzureADDomainInfoFromPublicApi microsoft.com
Get-AzureADDomainInfoFromPublicApi innofactor.com

For example, if “AuthURL” in the output contains a URL, ADFS is used, and if is_dsso_enabled is set, Seamless SSO is active.
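
To make that check repeatable when reviewing several of your own domains, here is an added example (not part of the original post) that reduces a response to the two fields mentioned above. The helper name ConvertTo-DomainAuthSummary, the output property names and the sample objects are assumptions for illustration; the sample responses are constructed, not real API output.

```powershell
# Added example: summarise a userrealm response by AuthURL and is_dsso_enabled.
function ConvertTo-DomainAuthSummary   # hypothetical helper name
{
    [CmdletBinding()]
    Param
    (
        # Object returned by Get-AzureADDomainInfoFromPublicApi
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)]
        [psobject] $Response,

        # Domain the response belongs to (only used for labelling the output)
        [Parameter(Mandatory=$true)]
        [string] $Domain
    )
    Process
    {
        # Either field may be missing from a response, so look the properties up
        # instead of dereferencing them directly (safe under Set-StrictMode).
        $authUrlProp = $Response.PSObject.Properties['AuthURL']
        $dssoProp    = $Response.PSObject.Properties['is_dsso_enabled']

        # Only count AuthURL when it parses as an absolute URL.
        $authUrl = if ($authUrlProp) { [string]$authUrlProp.Value } else { '' }
        $parsed  = $null
        $hasUrl  = [uri]::TryCreate($authUrl, [System.UriKind]::Absolute, [ref]$parsed)

        [pscustomobject]@{
            Domain      = $Domain
            HasAuthUrl  = $hasUrl                                   # per the post: ADFS is used
            AuthUrlHost = if ($hasUrl) { $parsed.Host } else { $null }
            SeamlessSso = [bool]($dssoProp -and $dssoProp.Value -eq $true)
        }
    }
}

# Constructed sample responses, so the example runs offline.
$withAdfs = [pscustomobject]@{
    AuthURL         = 'https://sts.federated.example/adfs/ls/?username=x'
    is_dsso_enabled = $false
}
$withSso  = [pscustomobject]@{ is_dsso_enabled = $true }   # no AuthURL at all

$withAdfs | ConvertTo-DomainAuthSummary -Domain 'federated.example'
$withSso  | ConvertTo-DomainAuthSummary -Domain 'managed.example'

# Against the live endpoint, using the function from the post:
# Get-AzureADDomainInfoFromPublicApi microsoft.com | ConvertTo-DomainAuthSummary -Domain microsoft.com
```

AuthUrlHost shows which sign-in host the domain redirects to, which is useful for confirming that it is the federation server you expect.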
