Get Tenant ID

Summary

These are practical scripts I have to get Tenant ID from either a domain name or from a Subscription ID.

These are simple, but very useful to be combined in other scripts.


function Get-TenantIdFromDomain {
    <#
    .SYNOPSIS
        Get the tenant ID for any Domain.

    .DESCRIPTION
        Will check and return the tenant ID for any domin, or return  $false if no ID is found.

    .PARAMETER domain
        Any domain name, ex. domain.com

    .INPUTS
        domain name: domain.com
 
    .OUTPUTS
        String or boolean False.

    .EXAMPLE
        Get-TenantIdFromDomain domain.com
        Get-TenantIdFromDomain -domain domain.com
        "domain.com" | Get-TenantIdFromDomain

    .NOTES
        FileName:   Get-TenantIdFromDomain.psm1
        Author:     Daniel Kåven
        Contact:    @dkaaven
        Created:    2022-03-25
        Updated:    2024-10-13
        Version History:
        1.0.0 - (2022-03-25) Script created
        1.1.0 - (2024-06-20) Added check for missing domain
        1.2.0 - (2024-08-13) Added ability to get data from Pipeline

    #>

    param(
        [CmdletBinding()]
        [parameter(
            Mandatory = $true,
            Position = 0,
            HelpMessage = "The domain name of the target tenant.",
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true
        )]
        [String]$domain
    )

    # Check if tenant exists
    try {
        $request = Invoke-WebRequest -Uri https://login.windows.net/$domain/.well-known/openid-configuration
    }
    catch {
        if ($null -eq $request) {
            return $false
        } else {
            Write-Error $_
        }
    }

    # Return tenant ID
    $data = ConvertFrom-Json $request.Content
    $result = $data.token_endpoint.split('/')[3]
    return $result
}

Check out the PowerShell to learn more at: PowerShell Documentation | Microsoft Learn


function Get-TenantIdFromSubscriptionId {
    <#
    .SYNOPSIS
        Get the tenant ID from an Azure Subscription ID.
    .DESCRIPTION
        Will check and return the tenant ID for an Azure Subscription ID or return $false if no ID is found.
        Inspired from [Jos Lieben @ lieben.nu](https://www.lieben.nu/liebensraum/2020/08/get-tenant-id-using-azure-subscription-id/)
 
    .PARAMETER subscriptionId
        The Azure Subscription ID to check.
 
    .INPUTS
        Azure Subscription Id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
 
    .OUTPUTS
        String or boolean False.
 
    .EXAMPLE
        Get-TenantIdFromSubscriptionId xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
        Get-TenantIdFromSubscriptionId -subscriptionId xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
        xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx | Get-TenantIdFromSubscriptionId
 
    .NOTES
        FileName:    Get-TenantIdFromSubscriptionId.psm1
        Author:      Daniel Kåven
        Contact:     @DKaaven
        Created:     2024-08-06
        Updated:     2024-08-06
        Version history:
        1.0.0 - (2024-08-06) Script created
    #>
    param (
        [CmdletBinding()]
        [Parameter(
            Mandatory = $true,
            Position = 0,
            HelpMessage = "The Azure Subscription ID",
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true
        )]
        [Alias("subId")]
        [String]$subscriptionId
    )
    # Check Subscription ID format
    $guidPattern = "^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$"
    if ($subscriptionId -notmatch $guidPattern) {
        Write-Error "$subscriptionId is not a valid Azure Subscription ID."
        return $false
    }
    $response = try {(Invoke-WebRequest -UseBasicParsing -Uri "https://management.azure.com/subscriptions/$($subscriptionId)?api-version=2015-01-01" -ErrorAction Stop).BaseResponse} catch { $_.Exception.Response } 
    $stringHeader = $response.Headers.ToString()
    $tenantId = $stringHeader.SubString($stringHeader.IndexOf("login.windows.net")+18,36)

    # Check if it exist or return false
    if ($tenantId -match $guidPattern) {
        return $tenantId
    }
    else {
        return $false
    }

}

Check out the PowerShell to learn more at: PowerShell Documentation | Microsoft Learn


# To retrieve the tenant id an authenticated connection is not required with PnP PowerShell
# the Get-PnPTenantId cmdlet accepts tenantUrls in the shape of
# * https://mytenant.sharepoint.com
# * mytenant.sharepoint.com
# * mytenant
# See Get-Help Get-PnPTenantId for more details.

param (
    [Parameter(Mandatory = $true)]
    [string] $tenantUrl
)

Get-PnPTenantId -Url $tenantUrl

Check out the PnP PowerShell to learn more at: https://aka.ms/pnp/powershell

The way you login into PnP PowerShell has changed please read PnP Management Shell EntraID app is deleted : what should I do ?

Source Credit

Sample first appeared on https://github.com/dkaaven/M365-Scripts

Contributors

Author(s)
Daniel Kåven
Reshmee Auckloo
Ganesh Sanap
Erwin van Hunen

Disclaimer

THESE SAMPLES ARE PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT.