My question is: Is it possible to get the azure active directory tenant id without using powershell command?
I found this two blogs and with this help, I'm already able to get the tenant ID and subscriptions ID from powershell. Is it the only way to retrieve the tenant?
Get Windows Azure Active Directory Tenant ID in Windows PowerShell
Windows Azure AD authentication support for PowerShell
Thanks
This question is related to
azure
azure-active-directory
As of now (06/07/2018), an easy approach would be running az account show in the Azure Cloud Shell (requires a Storage Account) in the Azure Portal.
--- Command ---
az account show
--- Command Output ---
{
"environmentName": "AzureCloud",
"id": "{Subscription Id (GUID)}",
"isDefault": true,
"name": "{Subscription Name}",
"state": "Enabled",
"tenantId": "{Tenant Id (GUID)}",
"user": {
"cloudShellID": true,
"name": "{User email}",
"type": "user"
}
}
Find more details on Azure Cloud Shell at https://docs.microsoft.com/en-us/azure/cloud-shell/overview.
The tenant id is also present in the management console URL when you browse to the given Active Directory instance, e.g.,
https://manage.windowsazure.com/<morestuffhere>/ActiveDirectoryExtension/Directory/BD848865-BE84-4134-91C6-B415927B3AB1
If you have installed Azure CLI 2.0 in your machine, you should be able to get the list of subscription that you belong to with the following command,
az login
if you want to see as a table output you could just use
az account get-access-token --query tenant --output tsv
or you could use the Rest API
https://docs.microsoft.com/en-us/rest/api/resources/tenants/list
You can run a simple curl call to get the tenant id of an azure subscription without any authentication.
make a curl call to :
https://management.azure.com/subscriptions/{subscription-id}?api-version=2015-01-01
The request fails but you will be able to get the tenant id from the response header. The tenant id is present in line followed by "WWW-Authenticate: Bearer authorization_uri="https://login.windows.net/"
you can use curl -v
to show the response header.
Time changes everything. I was looking to do the same recently and came up with this:
added 02/17/2021
Stable Portal Page thanks Palec
added 12/18/2017
As indicated by shadowbq, the DirectoryId and TenantId both equate to the GUID representing the ActiveDirectory Tenant. Depending on context, either term may be used by Microsoft documentation and products, which can be confusing.
The tenant ID is tied to ActiveDirectoy in Azure
Yes I used paint, don't judge me.
Via PowerShell anonymously:
(Invoke-WebRequest https://login.windows.net/YOURDIRECTORYNAME.onmicrosoft.com/.well-known/openid-configuration|ConvertFrom-Json).token_endpoint.Split('/')[3]
A simple way to get the tenantID is
Connect-MsolService -cred $LiveCred #sign in to tenant
(Get-MSOLCompanyInformation).objectid.guid #get tenantID
From Java:
public static String GetSubscriptionTenantId (String subscriptionId) throws ClientProtocolException, IOException
{
String tenantId = null;
String url = "https://management.azure.com/subscriptions/" + subscriptionId + "?api-version=2016-01-01";
HttpClient client = HttpClientBuilder.create().build();
HttpGet request = new HttpGet(url);
HttpResponse response = client.execute(request);
Header[] headers = response.getAllHeaders();
for (Header header : headers)
{
if (header.getName().equals("WWW-Authenticate"))
{
// split by '"' to get the URL, split the URL by '/' to get the ID
tenantId = header.getValue().split("\"")[1].split("/")[3];
}
}
return tenantId;
}
Go to https://login.windows.net/YOURDIRECTORYNAME.onmicrosoft.com/.well-known/openid-configuration and you'll see a bunch of URLs containing your tenant ID.
xxx@Azure:~$ az ad sp create-for-rbac
Retrying role assignment creation: 1/36
{
"appId": "401143c2-95ef-4792-9900-23e07f7801e7",
"displayName": "azure-cli-2018-07-10-20-31-57",
"name": "http://azure-cli-2018-07-10-20-31-57",
"password": "a0471d14-9300-4177-ab08-5c45adb3476b",
"tenant": "e569f29e-b008-4cea-b6f0-48fa8532d64a"
}
In the Azure CLI (I use GNU/Linux):
$ azure login # add "-e AzureChinaCloud" if you're using Azure China
This will ask you to login via https://aka.ms/devicelogin or https://aka.ms/deviceloginchina
$ azure account show
info: Executing command account show
data: Name : BizSpark Plus
data: ID : aZZZZZZZ-YYYY-HHHH-GGGG-abcdef569123
data: State : Enabled
data: Tenant ID : 0XXXXXXX-YYYY-HHHH-GGGG-123456789123
data: Is Default : true
data: Environment : AzureCloud
data: Has Certificate : No
data: Has Access Token : Yes
data: User name : [email protected]
data:
info: account show command OK
or simply:
azure account show --json | jq -r '.[0].tenantId'
or the new az:
az account show --subscription a... | jq -r '.tenantId'
az account list | jq -r '.[].tenantId'
I hope it helps
For AAD-B2C it is fairly simple. From Azure Portal with a B2C directory associated, go to your B2C directory (I added the "Azure AD B2C" to my portal's left menu). In the B2C directory click on "User flows (policies) directory menu item. In the policies pane click on one of your policies you previously added to select it. It should open a pane for the policy. Click "Properties". In the next pane is a section, "Token compatibility settings" which has a property "Issuer". Your AAD-B2C tenant GUID is contained in the URL.
You can also get the tenant id, in fact all subscription details by logging into the url resources.azure.com
Use the Azure CLI
az account get-access-token --query tenant --output tsv
My team really got sick of trying to find the tenant ID for our O365 and Azure projects. The devs, the support team, the sales team, everyone needs it at some point and never remembers how to do it.
So we've built this small site in the same vein as whatismyip.com. Hope you find it useful!
How to find my Microsoft 365, Azure or SharePoint Online tenant ID?
One click answer:
open this URL:
https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Properties
According to Microsoft:
Find your tenantID: Your tenantId can be discovered by opening the following metadata.xml document: https://login.microsoft.com/GraphDir1.onmicrosoft.com/FederationMetadata/2007-06/FederationMetadata.xml - replace "graphDir1.onMicrosoft.com", with your tenant's domain value (any domain that is owned by the tenant will work). The tenantId is a guid, that is part of the sts URL, returned in the first xml node's sts url ("EntityDescriptor"): e.g. "https://sts.windows.net/".
Reference:
https://azure.microsoft.com/en-us/resources/samples/active-directory-dotnet-graphapi-web/
In PowerShell:
Add-AzureRmAccount #if not already logged in
Get-AzureRmSubscription -SubscriptionName <SubscriptionName> | Select-Object -Property TenantId
If you have Azure CLI setup, you can run the command below,
az account list
or find it at ~/.azure/credentials
This answer was provided on Microsoft's website, last updated on 3/21/2018:
In short, here are the screenshots from the walkthrough:
Hope this helps.
Source: Stackoverflow.com