Getting Azure AD domain authentication information using PowerShell

This is a quick blog post with an example PowerShell cmdlet allowing you to find out what type of authentication and branding exists for a domain in Azure AD.

function Get-AzureADDomainInfoFromPublicApi
{
    [CmdletBinding()]
    [Alias()]
    Param
    (
        # Domain name to look up, for example microsoft.com
        [Parameter(Mandatory=$true,
                   ValueFromPipeline=$true,
                   Position=0)]
        [String] $Domain
    )

    Begin
    {
    }
    Process
    {
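        # Escape the domain so that it cannot alter the query string
        $Url = "https://login.microsoftonline.com/common/userrealm/?user=someone.random@" + [uri]::EscapeDataString($Domain) + "&checkForMicrosoftAccount=true&api-version=2.1"
        # The endpoint answers without authentication; the JSON reply is returned as an object
        Invoke-RestMethod -Uri $Url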
    }
    End
    {
    }
}

Get-AzureADDomainInfoFromPublicApi microsoft.com
Get-AzureADDomainInfoFromPublicApi innofactor.com

For example, if “AuthURL” in the output contains a URL, ADFS is used for that domain, and if is_dsso_enabled is set, Seamless SSO is active.
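The two checks described above can be wrapped in a small helper, which is useful when reviewing what several of your own domains expose publicly. This is an added example, not code from the original post; the function name Get-RealmAuthSummary and the sample responses are constructed for illustration.

```powershell
function Get-RealmAuthSummary   # hypothetical helper name
{
    [CmdletBinding()]
    Param
    (
        # Domain the response belongs to (used only as a label in the output)
        [Parameter(Mandatory=$true)] [string]   $Domain,
        # Object returned by Get-AzureADDomainInfoFromPublicApi
        [Parameter(Mandatory=$true)] [psobject] $Realm
    )

    # Either field can be missing from a response, so look the properties up
    # by name instead of dereferencing them (also safe under Set-StrictMode).
    $authUrl = $Realm.PSObject.Properties['AuthURL']
    $dsso    = $Realm.PSObject.Properties['is_dsso_enabled']

    $hasAuthUrl  = ($null -ne $authUrl) -and -not [string]::IsNullOrWhiteSpace([string]$authUrl.Value)
    $authUrlHost = $null
    if ($hasAuthUrl)
    {
        # Keep only the host of the sign-in URL; ignore values that are not absolute URLs
        $uri = $null
        if ([System.Uri]::TryCreate([string]$authUrl.Value, [System.UriKind]::Absolute, [ref]$uri))
        {
            $authUrlHost = $uri.Host
        }
    }

    [pscustomobject]@{
        Domain         = $Domain
        AuthUrlPresent = $hasAuthUrl      # the post reads this as "ADFS is used"
        AuthUrlHost    = $authUrlHost
        SeamlessSSO    = ($null -ne $dsso) -and ($dsso.Value -eq $true)
    }
}

# Constructed sample responses (not real output), reduced to the two fields discussed above
$samples = [ordered]@{
    'federated.example' = [pscustomobject]@{ AuthURL = 'https://sts.federated.example/adfs/ls/?username=someone.random%40federated.example' }
    'managed.example'   = [pscustomobject]@{ is_dsso_enabled = $true }
}

foreach ($name in $samples.Keys)
{
    Get-RealmAuthSummary -Domain $name -Realm $samples[$name]
}
```

For a live lookup, pass the output of Get-AzureADDomainInfoFromPublicApi as -Realm.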

One thought on “Getting Azure AD domain authentication information using PowerShell”

  1. Thank you for the write-up. I’m trying to find documentation that outlines more detail about each of the returned values (e.g., MicrosoftAccount, IsMicrosoftAccountSet, etc.) but can’t seem to locate it. For example, what is a value of 1 for “MicrosoftAccount” versus a value of 0. At first, I assumed 0 meant there was no account, but that can’t be correct as “IsMicrosoftAccountSet” comes back as True.

    Do you have any recommendations?
