How can I use MS Graph to list Azure AD instances for a given LiveID account?
Problem description
I have a customer who is using a liveID account to manage 20+ different Azure AD directories.
How can I get a list of all the Azure AD instances associated with this account?
I tried using this graph explorer to figure out which query was correct; however, every time I tried to consent to a Directory Read consent, the tool didn't accept it. (It would run, but the checkbox would be cleared upon inspection.)
My goal is to determine at runtime which instances have had "administrative consent" to access applications stored in my tenant. Then I will prompt the administrator to consent for those apps.
I'm tagging as MSAL and ADAL; I can't get either to work with an MSFT Account that is an admin for Azure AD.
Testing
I am using this MSFT sample and posted this debug code in any controller that is currently using ActiveDirectoryClient. This code works for any AzureAD account.
// Page through the tenant details visible to the signed-in account.
var pagedCollectionTenants = await client.TenantDetails.ExecuteAsync();
do
{
    var tenants = pagedCollectionTenants.CurrentPage.ToList();
    foreach (var tenant in tenants)
    {
        System.Diagnostics.Debug.WriteLine(tenant.DisplayName + " id " + tenant.ObjectId + " " +
            tenant.Street + " " +
            tenant.City + " " +
            tenant.State + " " +
            tenant.PostalCode + " " + tenant.PreferredLanguage + " " + tenant.TelephoneNumber);
        System.Diagnostics.Debug.WriteLine(" ** Assigned Plans **");
        foreach (var plan in tenant.AssignedPlans)
        {
            System.Diagnostics.Debug.WriteLine(" " + plan.AssignedTimestamp + " " + plan.ServicePlanId + " " + plan.Service + " " + plan.CapabilityStatus);
        }
        System.Diagnostics.Debug.WriteLine(" ** Provisioned Plans **");
        foreach (var provisionedPlans in tenant.ProvisionedPlans)
        {
            System.Diagnostics.Debug.WriteLine(" " + provisionedPlans.CapabilityStatus + " " + provisionedPlans.ProvisioningStatus + " " + provisionedPlans.Service);
        }
        System.Diagnostics.Debug.WriteLine(" ** Verified Domains **");
        foreach (var domain in tenant.VerifiedDomains)
        {
            System.Diagnostics.Debug.WriteLine(" " + domain.Type + " " + domain.Name + " " + domain.Initial + " " + domain.Id + " " + domain.Capabilities + " " + domain.@default);
        }
    }
    // Await the next page instead of blocking on .Result; null means there are no more pages.
    pagedCollectionTenants = await pagedCollectionTenants.GetNextPageAsync();
} while (pagedCollectionTenants != null);
The results for an MSFT Account are the following:
Recommended answer
How can I get a list of all the Azure AD instances associated with this account?
I am not sure whether the Microsoft Graph API exposes an API call to get a list of all the Azure AD instances associated with this account. But I noticed in the new Azure portal, I could choose multiple Windows Azure Active Directories by clicking my user name on the top right part of the portal. Using Fiddler, you could find the API call which the portal uses to get the multiple Windows Azure Active Directories information:
https://ms.portal.azure.com/AzureHubs/api/tenants/List
Then you could add Windows Azure Service Management API in required permissions in your app:
Then, using the authorization code flow, you need to get an access token for Windows Azure Service Management API by setting resource: https://management.core.windows.net/
After you get the access token, you could try the API call below to get all the Azure Active Directories:
POST https://ms.portal.azure.com/AzureHubs/api/tenants/List
Authorization: Bearer xxxxx
Result:
If your account is a Microsoft account and you want to authenticate with the app, you could add the account as an external user in AAD.
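The flow described in the answer above (authorize with the management resource, redeem the code, POST with the bearer token), as an added C# example that is not part of the original answer or of the MSFT sample. Assumptions: the class and method names are hypothetical, the app is a confidential client using the Azure AD v1 `common` endpoints, and the tenants URL is the undocumented portal endpoint quoted in the answer, whose response format the page does not show.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;

static class TenantListExample // hypothetical name, not from the page
{
    const string Authority  = "https://login.microsoftonline.com/common/oauth2"; // assumption: v1 endpoint, accepts "resource"
    const string Resource   = "https://management.core.windows.net/";            // from the answer
    const string TenantsUrl = "https://ms.portal.azure.com/AzureHubs/api/tenants/List"; // from the answer

    // Step 1: URL the admin's browser is redirected to. Compare "state" on return to reject forged callbacks.
    public static string BuildAuthorizeUrl(string clientId, string redirectUri, string state) =>
        $"{Authority}/authorize?response_type=code" +
        $"&client_id={Uri.EscapeDataString(clientId)}" +
        $"&redirect_uri={Uri.EscapeDataString(redirectUri)}" +
        $"&resource={Uri.EscapeDataString(Resource)}" +
        $"&state={Uri.EscapeDataString(state)}";

    // Step 2: redeem the authorization code for an access token whose audience is the management resource.
    public static async Task<string> RedeemCodeAsync(HttpClient http, string clientId,
        string clientSecret, string redirectUri, string code)
    {
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["grant_type"] = "authorization_code",
            ["code"] = code,
            ["client_id"] = clientId,
            ["client_secret"] = clientSecret, // keep out of source control and logs
            ["redirect_uri"] = redirectUri,
            ["resource"] = Resource,
        });
        using var resp = await http.PostAsync($"{Authority}/token", form);
        resp.EnsureSuccessStatusCode();
        using var doc = JsonDocument.Parse(await resp.Content.ReadAsStringAsync());
        return doc.RootElement.GetProperty("access_token").GetString();
    }

    // Step 3: the POST from the answer. Returns the raw JSON body because its schema is not given on the page.
    public static async Task<string> ListTenantsAsync(HttpClient http, string accessToken)
    {
        using var req = new HttpRequestMessage(HttpMethod.Post, TenantsUrl);
        req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
        using var resp = await http.SendAsync(req);
        resp.EnsureSuccessStatusCode();
        return await resp.Content.ReadAsStringAsync();
    }
}
```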