
Authenticating with Azure Active Directory on powershell


The cmdlet Connect-AzureAD establishes a connection to the AAD domain; after we log in successfully, a confirmation will be displayed:

PS C:\windows\system32> connect-azuread

Account                           Environment Tenant
-------                           ----------- ------
jasontest1@xxxxxx.onmicrosoft.com AzureCloud  xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

The connection can be validated with the cmdlet Get-AzureADDomain; if the user is connected to an AAD domain where he has management privileges, the information about the domain will be displayed:

PS C:\windows\system32> get-azureaddomain

Name                                        AvailabilityStatus AuthenticationType
----                                        ------------------ ------------------
hcl.com                                                        Managed
msgamestudios.com                                              Managed
foobar.local                                                   Managed
multimap.com                                                   Managed
skypestaytogether.com                                          Managed
insightsquarterly.com.au                                       Managed
calanit.onmicrosoft.com                                        Federated
msft.ccsctp.net                                                Managed
ruffiangames.com                                               Managed
xn--m1bg0b0byewac1j8b.com                                      Managed
VoicesforInnovation.org                                        Managed
shaanximic.com                                                 Managed
www.yunnanmic.com                                              Managed
wsmbela.pss.com                                                Managed
fornax.off                                                     Managed
api.staging.yammer.com                                         Managed
codenauts.net                                                  Managed
acompli.com                                                    Managed
testdomains.co                                                 Managed
microsoft.hr                                                   Managed
Bayportali.mmdservice.com                                      Managed
contoso.com                                                    Managed
api.swrepository.com                                           Managed
Equivio.com                                                    Managed
sunshine.am                                                    Managed
microsoftaffiliates.com                                        Managed

If the user has no admin privileges, we will get the same error as you.

Get-AzureADDomain : Error occurred while executing GetDomains
Code: Authentication_Unauthorized
Message: User was not found
HttpStatusCode: Forbidden

The reason is that the cmdlet Get-AzureADDomain has no tenant specified, so the connection was established to a domain where the user has no admin privileges.

To ensure connection to the expected AAD domain, the tenant ID must be specified in the call to the Connect-AzureAD cmdlet.

PS C:\windows\system32> Connect-AzureAD -TenantId


As already answered here, please use:

PS C:\windows\system32> Connect-AzureAD -TenantId {YOUR_TENANT_ID}

Example:

PS C:\windows\system32> Connect-AzureAD -TenantId ce1af0ab-ae35-4f60-8f2d-944444444444

It's a common mistake to use the TenantId we get when executing Connect-AzureAD, like the following:


But use the TenantId from Azure Portal --> Azure Active Directory --> Properties --> Directory Id.

The Directory Id = TenantId.
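
The tenant pinning both answers describe can be wrapped so that a session in the wrong directory is caught before any management cmdlet runs. This is an added example, not code from either answer; it assumes the AzureAD module is installed, and the function name Connect-PinnedAzureADTenant and the all-zero tenant ID are hypothetical placeholders.

```powershell
# Added example: the function name and the placeholder tenant ID are hypothetical.
function Connect-PinnedAzureADTenant {
    [CmdletBinding()]
    param(
        # Directory Id from Azure Portal --> Azure Active Directory --> Properties.
        # Typing it as [guid] rejects empty or malformed values before any sign-in.
        [Parameter(Mandatory)]
        [guid]$TenantId
    )

    # Always pass -TenantId so the session is not opened against whichever
    # directory the account defaults to.
    Connect-AzureAD -TenantId $TenantId.ToString() -ErrorAction Stop | Out-Null

    # Confirm the session really landed in the expected directory.
    $session = Get-AzureADCurrentSessionInfo -ErrorAction Stop
    if ([guid]$session.TenantId -ne $TenantId) {
        Disconnect-AzureAD
        throw "Connected to tenant $($session.TenantId), expected $TenantId."
    }

    try {
        # Same validation step as in the first answer: list the domains.
        Get-AzureADDomain -ErrorAction Stop |
            Select-Object Name, AuthenticationType
    }
    catch {
        # The error shown on this page carries the code Authentication_Unauthorized.
        if ($_.Exception.Message -match 'Authentication_Unauthorized') {
            Write-Warning ("Signed in to tenant $TenantId as $($session.Account), " +
                "but this account cannot read domains there. " +
                "Check the Directory Id and the account's directory role.")
        }
        # Drop the unusable session and surface the original error.
        Disconnect-AzureAD
        throw
    }
}

# Placeholder value; replace with your own Directory Id.
Connect-PinnedAzureADTenant -TenantId '00000000-0000-0000-0000-000000000000'
```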