Finding Azure AD domain from tenant id

Ever had an Azure AD tenant id, and wondered which tenant this is? While checking the APIs behind the new Azure AD cross-tenant access settings, I found a new API that can help you with this!

Let’s assume we have the tenant id 72f988bf-86f1-41af-91ab-2d7cd011db47, and want to know which domain this is, we can simply:

GET https://graph.microsoft.com/beta/tenantRelationships/findTenantInformationByTenantId(tenantId='72f988bf-86f1-41af-91ab-2d7cd011db47a')

And you will get the following response:

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#microsoft.graph.tenantInformation",
    "tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
    "federationBrandName": null,
    "displayName": "Microsoft",
    "defaultDomainName": "microsoft.onmicrosoft.com"
}

One caveat though, is that this requires authentication and the scope Directory.AccessAsUser.All to run. You can test it out using Graph Explorer:

Also, I was unable to get it to work using client credentials and my own app registration, both leaves me with “Insufficient privileges to compelte the operation”.

2 thoughts on “Finding Azure AD domain from tenant id

  1. This is useful. Thank you for providing details. One small correction Tenant id provided in the request is incorrect 72f988bf-86f1-41af-91ab-2d7cd011db47a (correct tenant id is 72f988bf-86f1-41af-91ab-2d7cd011db47)

  2. Thanks for this. Tried it now, seems there is a new scope available, “CrossTenantInformation.ReadBasic.All”.

    Simple working example with the “`Microsoft.Graph“` module:

    “`powershell
    $null = Import-Module -Name ‘Microsoft.Graph.Authentication’ -Force
    $null = Select-MgProfile -Name ‘beta’
    $null = Connect-MgGraph -Scopes ‘CrossTenantInformation.ReadBasic.All’ -ForceRefresh
    Invoke-MgGraphRequest -Method ‘Get’ -Uri (“https://graph.microsoft.com/beta/tenantRelationships/findTenantInformationByTenantId(tenantId=`'{0}`’)” -f $TenantId)
    $null = Disconnect-MgGraph
    “`

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s