How can I use MS Graph to list the Azure AD instances for a given LiveID account?
I have a tenant who uses a LiveID account to manage 20+ different Azure AD directories.
How can I get a list of all the Azure AD instances associated with this account?
I tried to use this Graph Explorer to find out which request was correct; however, every time I tried to consent to read the directory, the tool would not accept it (it will work, but the checkbox will be cleared when checked).
My goal is to determine at runtime which instances had "administrative consent" to access applications stored by my tenant. Then I will ask the administrator for consent to these applications.
I have tagged this as MSAL and ADAL; I cannot get the MSFT account to work, which is an administrator for Azure AD.
Testing
I am using this MSFT sample and have placed this debug code in whichever controller is currently using ActiveDirectoryClient. This code works for any Azure AD account.
    // Runs inside an async controller action; "client" is the ActiveDirectoryClient from the sample.
    var pagedCollectionTenants = await client.TenantDetails.ExecuteAsync();
    do
    {
        var tenants = pagedCollectionTenants.CurrentPage.ToList();
        foreach (var tenant in tenants)
        {
            // Basic directory details
            System.Diagnostics.Debug.WriteLine(tenant.DisplayName + " id " + tenant.ObjectId + " " +
                tenant.Street + " " +
                tenant.City + " " +
                tenant.State + " " +
                tenant.PostalCode + " " + tenant.PreferredLanguage + " " + tenant.TelephoneNumber);

            System.Diagnostics.Debug.WriteLine(" ** Assigned Plans **");
            foreach (var plan in tenant.AssignedPlans)
            {
                System.Diagnostics.Debug.WriteLine(" " + plan.AssignedTimestamp + " " + plan.ServicePlanId + " " + plan.Service + " " + plan.CapabilityStatus);
            }

            System.Diagnostics.Debug.WriteLine(" ** Provisioned Plans **");
            foreach (var provisionedPlan in tenant.ProvisionedPlans)
            {
                System.Diagnostics.Debug.WriteLine(" " + provisionedPlan.CapabilityStatus + " " + provisionedPlan.ProvisioningStatus + " " + provisionedPlan.Service);
            }

            System.Diagnostics.Debug.WriteLine(" ** Verified Domains **");
            foreach (var domain in tenant.VerifiedDomains)
            {
                System.Diagnostics.Debug.WriteLine(" " + domain.Type + " " + domain.Name + " " + domain.Initial + " " + domain.Id + " " + domain.Capabilities + " " + domain.@default);
            }
        }
        // Await the next page instead of blocking on .Result, which can deadlock in a controller.
        pagedCollectionTenants = await pagedCollectionTenants.GetNextPageAsync();
    } while (pagedCollectionTenants != null);
The results for the MSFT account are as follows:
How can I get a list of all the Azure AD instances associated with this account?
I'm not sure if the Microsoft Graph API provides an API call to get a list of all Azure AD instances associated with this account. But I noticed that in the new Azure portal, I can select between multiple Windows Azure Active Directories by clicking my username at the top right of the portal. With Fiddler, you can find the API call that the portal uses to get information about Windows Azure Active Directory:
https://ms.portal.azure.com/AzureHubs/api/tenants/List
Then you can add Windows Azure Service Management API in required permissions to your application:
Then, using the authorization code flow, you need to get an access token for the Windows Azure Service Management API, setting resource: https://management.core.windows.net/.
After you get the access token, you can try the following API call to get all Azure Active Directories:
POST https://ms.portal.azure.com/AzureHubs/api/tenants/List
Authorization: Bearer xxxxx
Result:
If your account is a Microsoft account and you want to authenticate with the app, you can add the account as an external user to AAD.
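The resource setting in the answer above is where this usually goes wrong: a token issued for the Graph resource will not be accepted for a call that expects https://management.core.windows.net/. The following is an added example, not code from either post, that builds the authorization request with that resource and checks a token's `aud` and `exp` claims locally before it is sent. The Azure AD v1 authorize endpoint, the client id, redirect URI, state value and sample tokens are assumptions constructed for illustration.

```python
import base64, json, time
from urllib.parse import urlencode

# Resource named in the answer above; the token's "aud" claim must match it.
MANAGEMENT_RESOURCE = "https://management.core.windows.net/"
# Assumption: Azure AD v1 authorize endpoint; "common" is the multi-tenant sign-in alias.
AUTHORIZE_ENDPOINT = "https://login.microsoftonline.com/common/oauth2/authorize"

def build_authorize_url(client_id, redirect_uri, state):
    """First leg of the authorization code flow, requesting the management resource."""
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "resource": MANAGEMENT_RESOURCE,
        "state": state,  # compared with the value returned on the redirect
    })
    return AUTHORIZE_ENDPOINT + "?" + query

def token_claims(access_token):
    """Decode the JWT payload for local inspection only; the signature is NOT verified."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def token_problems(access_token, now=None):
    """Return the reasons this token would not be usable for the management resource."""
    claims = token_claims(access_token)
    now = time.time() if now is None else now
    problems = []
    aud = str(claims.get("aud", ""))
    if aud.rstrip("/") != MANAGEMENT_RESOURCE.rstrip("/"):
        problems.append("wrong audience: " + aud)
    if claims.get("exp", 0) <= now:
        problems.append("expired")
    return problems

def constructed_token(claims):
    """Build an unsigned sample token (constructed test data, not a real credential)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return enc({"alg": "none", "typ": "JWT"}) + "." + enc(claims) + "."

if __name__ == "__main__":
    graph = constructed_token({"aud": "https://graph.windows.net", "exp": 2000000000})
    mgmt = constructed_token({"aud": MANAGEMENT_RESOURCE, "exp": 2000000000})
    print(token_problems(graph, now=1700000000))
    print(token_problems(mgmt, now=1700000000))
    print(build_authorize_url("00000000-0000-0000-0000-000000000000",
                              "https://localhost/callback", "constructed-state"))
```

The local decode is a diagnostic aid only; the receiving service is what validates the signature.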