Finding Azure AD domain from tenant id

Ever had an Azure AD tenant id, and wondered which tenant this is? While checking the APIs behind the new Azure AD cross-tenant access settings, I found a new API that can help you with this!

Let’s assume we have the tenant id 72f988bf-86f1-41af-91ab-2d7cd011db47 and want to know which domain this is. We can simply:


And you will get the following response:

    {
        "@odata.context": "$metadata#microsoft.graph.tenantInformation",
        "tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
        "federationBrandName": null,
        "displayName": "Microsoft",
        "defaultDomainName": ""
    }

One caveat, though: this requires authentication and the scope Directory.AccessAsUser.All to run. You can test it out using Graph Explorer.

Also, I was unable to get it to work using client credentials and my own app registration; both leave me with “Insufficient privileges to complete the operation”.

2 thoughts on “Finding Azure AD domain from tenant id”

  1. This is useful. Thank you for providing details. One small correction: the tenant id provided in the request is incorrect, 72f988bf-86f1-41af-91ab-2d7cd011db47a (the correct tenant id is 72f988bf-86f1-41af-91ab-2d7cd011db47).

  2. Thanks for this. Tried it now, seems there is a new scope available, “CrossTenantInformation.ReadBasic.All”.

    Simple working example with the `Microsoft.Graph` module:

    $null = Import-Module -Name 'Microsoft.Graph.Authentication' -Force
    $null = Select-MgProfile -Name 'beta'
    $null = Connect-MgGraph -Scopes 'CrossTenantInformation.ReadBasic.All' -ForceRefresh
    Invoke-MgGraphRequest -Method 'Get' -Uri ("'{0}')" -f $TenantId)
    $null = Disconnect-MgGraph
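
The correction in the first comment (a tenant id with a stray trailing "a") shows how easily a malformed id ends up in the request. As an added example, not code from the post or its commenters, the Python below validates the id before placing it inside the quoted function parameter and checks that the response describes the tenant that was asked for. Assumptions: the `findTenantInformationByTenantId` beta URL is taken from Microsoft Graph rather than from this page, the access token is obtained elsewhere with one of the scopes mentioned above, and the sample response is constructed.

```python
import io
import json
import urllib.request
import uuid

# Microsoft Graph's findTenantInformationByTenantId function (beta endpoint).
# The page's own request URL did not survive, so this URL is not quoted from it.
GRAPH_URL = ("https://graph.microsoft.com/beta/tenantRelationships/"
             "findTenantInformationByTenantId(tenantId='{0}')")
FIELDS = ("tenantId", "displayName", "defaultDomainName", "federationBrandName")

# Constructed sample response in the shape shown on the page (not real tenant data).
SAMPLE = (b'{"tenantId": "11111111-2222-3333-4444-555555555555", '
          b'"federationBrandName": null, "displayName": "Contoso (constructed)", '
          b'"defaultDomainName": "contoso.example"}')


def canonical_tenant_id(raw):
    """Return raw as a lowercase 8-4-4-4-12 GUID, or raise ValueError."""
    text = raw.strip().lower()
    # uuid.UUID also accepts braces, "urn:uuid:" and unhyphenated hex, so compare
    # with the canonical form; nothing but hex and hyphens then reaches the URL.
    if str(uuid.UUID(text)) != text:
        raise ValueError("tenant id is not in canonical GUID form: %r" % raw)
    return text


def build_request(tenant_id, access_token):
    """Build the authenticated GET request for one tenant id."""
    url = GRAPH_URL.format(canonical_tenant_id(tenant_id))
    return urllib.request.Request(url, headers={"Authorization": "Bearer " + access_token})


def find_tenant(tenant_id, access_token, send=urllib.request.urlopen):
    """Look up a tenant; send is injectable so parsing can be exercised offline."""
    with send(build_request(tenant_id, access_token)) as resp:
        info = json.load(resp)
    if str(info.get("tenantId", "")).lower() != canonical_tenant_id(tenant_id):
        raise ValueError("response describes a different tenant")
    return {name: info.get(name) for name in FIELDS}


def offline_send(request):
    """Stand-in for urlopen that returns the constructed SAMPLE body."""
    return io.BytesIO(SAMPLE)


if __name__ == "__main__":
    print(find_tenant("11111111-2222-3333-4444-555555555555", "TOKEN", offline_send))
```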
