Authenticating with Azure Active Directory on PowerShell
The cmdlet Connect-AzureAD establishes a connection to the AAD domain. After a successful login, a confirmation is displayed:
PS C:\windows\system32> connect-azuread

Account                           Environment Tenant
-------                           ----------- ------
jasontest1@xxxxxx.onmicrosoft.com AzureCloud  xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
The connection can be validated with the cmdlet Get-AzureADDomain. If the user is connected to an AAD domain where he has management privileges, the information about the domain will be displayed:
PS C:\windows\system32> get-azureaddomain

Name                            AvailabilityStatus AuthenticationType
----                            ------------------ ------------------
hcl.com                                            Managed
msgamestudios.com                                  Managed
foobar.local                                       Managed
multimap.com                                       Managed
skypestaytogether.com                              Managed
insightsquarterly.com.au                           Managed
calanit.onmicrosoft.com                            Federated
msft.ccsctp.net                                    Managed
ruffiangames.com                                   Managed
xn--m1bg0b0byewac1j8b.com                          Managed
VoicesforInnovation.org                            Managed
shaanximic.com                                     Managed
www.yunnanmic.com                                  Managed
wsmbela.pss.com                                    Managed
fornax.off                                         Managed
api.staging.yammer.com                             Managed
codenauts.net                                      Managed
acompli.com                                        Managed
testdomains.co                                     Managed
microsoft.hr                                       Managed
Bayportali.mmdservice.com                          Managed
contoso.com                                        Managed
api.swrepository.com                               Managed
Equivio.com                                        Managed
sunshine.am                                        Managed
microsoftaffiliates.com                            Managed
If the user has no admin privileges, we will get the same error as you.
Get-AzureADDomain : Error occurred while executing GetDomains
Code: Authentication_Unauthorized
Message: User was not found
HttpStatusCode: Forbidden
The reason is that the cmdlet Get-AzureADDomain has no tenant specified, so the connection was established to a domain where the user has no admin privileges.
To ensure connection to the expected AAD domain, the tenant ID must be specified in the call to the Connect-AzureAD cmdlet.
PS C:\windows\system32> Connect-AzureAD -TenantId
As already answered here, please use:
PS C:\windows\system32> Connect-AzureAD -TenantId {YOUR_TENANT_ID}
Example:
PS C:\windows\system32> Connect-AzureAD -TenantId ce1af0ab-ae35-4f60-8f2d-944444444444
It's a common mistake to use the TenantId we get when executing Connect-AzureAD, like the following:
But use the TenantId from Azure Portal --> Azure Active Directory --> Properties --> Directory Id.
The Directory Id = TenantId.
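The tenant pinning both answers describe can be checked in a script before any directory query runs. The following is an added example, not part of either answer: the function name Connect-PinnedTenant and the all-zero GUID are placeholders, and it assumes the error text contains Authentication_Unauthorized as in the output quoted above.

```powershell
# Added example (not from the answers). Requires the AzureAD module.
# Connect-PinnedTenant is a hypothetical helper name.
function Connect-PinnedTenant {
    [CmdletBinding()]
    param(
        # Directory ID from Azure Portal --> Azure Active Directory --> Properties
        [Parameter(Mandatory)]
        [string]$ExpectedTenantId
    )

    # Reject anything that is not a GUID before it reaches the sign-in call.
    $parsed = [guid]::Empty
    if (-not [guid]::TryParse($ExpectedTenantId, [ref]$parsed)) {
        throw "TenantId '$ExpectedTenantId' is not a GUID."
    }

    Connect-AzureAD -TenantId $parsed.ToString() | Out-Null

    # Confirm the session really landed in the directory that was requested.
    $session = Get-AzureADCurrentSessionInfo
    if ("$($session.TenantId)" -ne $parsed.ToString()) {
        Disconnect-AzureAD
        throw "Connected to tenant $($session.TenantId), expected $parsed."
    }

    try {
        # -ErrorAction Stop turns the Forbidden response into a catchable error.
        Get-AzureADDomain -ErrorAction Stop |
            Select-Object Name, AuthenticationType
    }
    catch {
        # Assumption: the error code appears in the message, as in the quoted output.
        if ($_.Exception.Message -match 'Authentication_Unauthorized') {
            Write-Warning ("Signed in to $($session.TenantDomain) as " +
                "$($session.Account), but this account cannot read its domains.")
        }
        throw
    }
}

# Placeholder GUID; replace with your own Directory ID.
Connect-PinnedTenant -ExpectedTenantId '00000000-0000-0000-0000-000000000000'
```

Comparing the session's tenant with the expected ID separates "signed in to the wrong directory" from "right directory, insufficient privileges", which otherwise surface as the same Forbidden error.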