Finding Azure AD domain from tenant id

Ever had an Azure AD tenant id, and wondered which tenant this is? While checking the APIs behind the new Azure AD cross-tenant access settings, I found a new API that can help you with this!

Let’s assume we have the tenant id 72f988bf-86f1-41af-91ab-2d7cd011db47, and want to know which domain this is, we can simply:

GET https://graph.microsoft.com/beta/tenantRelationships/findTenantInformationByTenantId(tenantId='72f988bf-86f1-41af-91ab-2d7cd011db47a')

And you will get the following response:

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#microsoft.graph.tenantInformation",
    "tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
    "federationBrandName": null,
    "displayName": "Microsoft",
    "defaultDomainName": "microsoft.onmicrosoft.com"
}

One caveat though, is that this requires authentication and the scope Directory.AccessAsUser.All to run. You can test it out using Graph Explorer:

Also, I was unable to get it to work using client credentials and my own app registration, both leaves me with “Insufficient privileges to compelte the operation”.

One thought on “Finding Azure AD domain from tenant id

  1. This is useful. Thank you for providing details. One small correction Tenant id provided in the request is incorrect 72f988bf-86f1-41af-91ab-2d7cd011db47a (correct tenant id is 72f988bf-86f1-41af-91ab-2d7cd011db47)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s