I have a customer who is using a liveID account to manage 20+ different Azure AD directories.
How can I get a list of all the Azure AD instances associated with this account?
I tried using this graph explorer to figure out which query was correct, however every time I tried to consent to a Directory Read consent, the tool didn't accept it. (it would run, but the checkbox would be cleared upon inspection )
My goal is to determine at runtime, which instances have had "administrative consent" to access applications stored in my tenant. Then I will prompt the administrator to consent for those apps.
I'm tagging as MSAL and ADAL, I can't get either to work with a MSFT Account that is an admin for Azure AD
I am using this MSFT sample and posted this debug code in on any controller that is currently using ActiveDirectoryClient
. This code works for any AzureAD account.
var pagedCollectionTenants = await client.TenantDetails.ExecuteAsync();
var tenants = pagedCollectionTenants.CurrentPage.ToList();
foreach (var tenant in tenants)
System.Diagnostics.Debug.WriteLine(tenant.DisplayName + " id " + tenant.ObjectId + " " +
tenant.Street + " " +
tenant.City + " " +
tenant.State + " " +
tenant.PostalCode + " " + tenant.PreferredLanguage + " " + tenant.TelephoneNumber);
System.Diagnostics.Debug.WriteLine(" ** Assigned Plans **");
foreach (var plan in tenant.AssignedPlans)
System.Diagnostics.Debug.WriteLine( " " + plan.AssignedTimestamp + " " + plan.ServicePlanId + " " + plan.Service + " " + plan.CapabilityStatus);
System.Diagnostics.Debug.WriteLine(" ** Provisioned Plans **");
foreach (var provisionedPlans in tenant.ProvisionedPlans)
System.Diagnostics.Debug.WriteLine(" " + provisionedPlans.CapabilityStatus + " " + provisionedPlans.ProvisioningStatus + " " + provisionedPlans.Service);
System.Diagnostics.Debug.WriteLine(" ** Verified Domains **");
foreach (var domain in tenant.VerifiedDomains)
System.Diagnostics.Debug.WriteLine(" " + domain.Type + " " + domain.Name + " " + domain.Initial + " " + domain.Id + " " + domain.Capabilities + " " + domain.@default);
pagedCollectionTenants = pagedCollectionTenants.GetNextPageAsync().Result;
} while (pagedCollectionTenants != null);
The results for a MSFT Account is the following: