How can I use MS Graph to list Azure AD instances for a given LiveID account?

Problem description

I have a customer who is using a liveID account to manage 20+ different Azure AD directories.

How can I get a list of all the Azure AD instances associated with this account?

I tried using this graph explorer to figure out which query was correct; however, every time I tried to consent to a Directory Read consent, the tool didn't accept it. (It would run, but the checkbox would be cleared upon inspection.)

My goal is to determine at runtime which instances have had "administrative consent" to access applications stored in my tenant. Then I will prompt the administrator to consent for those apps.

I'm tagging as MSAL and ADAL; I can't get either to work with an MSFT account that is an admin for Azure AD.

Testing

I am using this MSFT sample and posted this debug code in any controller that is currently using ActiveDirectoryClient. This code works for any AzureAD account.

            var pagedCollectionTenants = await client.TenantDetails.ExecuteAsync();
            do
            {
                var tenants = pagedCollectionTenants.CurrentPage.ToList();
                foreach (var tenant in tenants)
                {
                    System.Diagnostics.Debug.WriteLine(tenant.DisplayName + " id " + tenant.ObjectId + " " +
                        tenant.Street + " " +
                        tenant.City + " " +
                        tenant.State + " " +
                        tenant.PostalCode + " " + tenant.PreferredLanguage + " " + tenant.TelephoneNumber);

                    System.Diagnostics.Debug.WriteLine("   ** Assigned Plans **");
                    foreach (var plan in tenant.AssignedPlans)
                    {
                        System.Diagnostics.Debug.WriteLine( "   "  + plan.AssignedTimestamp + " " + plan.ServicePlanId + " " + plan.Service + " " + plan.CapabilityStatus);
                    }

                    System.Diagnostics.Debug.WriteLine("   ** Provisioned Plans **");
                    foreach (var provisionedPlans in tenant.ProvisionedPlans)
                    {
                        System.Diagnostics.Debug.WriteLine("   " + provisionedPlans.CapabilityStatus + " " + provisionedPlans.ProvisioningStatus + " " + provisionedPlans.Service);
                    }

                    System.Diagnostics.Debug.WriteLine("   ** Verified Domains **");
                    foreach (var domain in tenant.VerifiedDomains)
                    {
                        System.Diagnostics.Debug.WriteLine("   " + domain.Type + " " + domain.Name + " " + domain.Initial + " " + domain.Id + " " + domain.Capabilities + " " + domain.@default);
                    }
                }
                // Await the next page instead of blocking on .Result inside an async method
                pagedCollectionTenants = await pagedCollectionTenants.GetNextPageAsync();
            } while (pagedCollectionTenants != null);

The results for an MSFT account are the following:

Recommended answer

How can I get a list of all the Azure AD instances associated with this account?

I am not sure whether the Microsoft Graph API exposes an API call to get a list of all the Azure AD instances associated with this account. But I noticed that in the new Azure portal, I could choose among multiple Windows Azure Active Directories by clicking my user name at the top right of the portal. Using Fiddler, you could find the API call which the portal uses to get the information for multiple Windows Azure Active Directories:

https://ms.portal.azure.com/AzureHubs/api/tenants/List

Then you could add the Windows Azure Service Management API in the required permissions of your app:

Then, using the authorization code flow, you need to get an access token for the Windows Azure Service Management API by setting resource: https://management.core.windows.net/.

After you get the access token, you could try the API call below to get all the Azure Active Directories:

POST https://ms.portal.azure.com/AzureHubs/api/tenants/List
Authorization: Bearer xxxxx

Result:

If your account is a Microsoft account and you want to authenticate with the app, you could add the account as an external user in AAD.
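
The three requests the answer describes (authorize redirect, code redemption, tenant-list POST), composed in Python as an added example that is not part of the original answer. The v1 `login.microsoftonline.com/common` endpoints, the client values and the audience check before the token is sent are assumptions; the sample token is constructed and unsigned so the code runs offline.

```python
import base64, json, secrets
from urllib.parse import urlencode
from urllib.request import Request

RESOURCE = "https://management.core.windows.net/"   # resource named in the answer
TENANTS_URL = "https://ms.portal.azure.com/AzureHubs/api/tenants/List"  # from the answer
AUTHORITY = "https://login.microsoftonline.com/common/oauth2"  # assumption: v1 endpoint

def authorize_url(client_id, redirect_uri):
    """Step 1: URL the user's browser is sent to; returns (url, state)."""
    state = secrets.token_urlsafe(16)  # caller compares this on the redirect (CSRF)
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "resource": RESOURCE,
                       "state": state})
    return f"{AUTHORITY}/authorize?{query}", state

def token_request(client_id, client_secret, redirect_uri, code):
    """Step 2: form-encoded POST that redeems the authorization code."""
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "client_id": client_id, "client_secret": client_secret,
                      "redirect_uri": redirect_uri, "resource": RESOURCE})
    return Request(f"{AUTHORITY}/token", data=body.encode(), method="POST")

def token_claims(access_token):
    """Decode the JWT payload for inspection only (no signature check)."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def tenants_request(access_token):
    """Step 3: the POST from the answer; refuse a token minted for another resource."""
    aud = token_claims(access_token).get("aud")
    if aud != RESOURCE:
        raise ValueError(f"token audience is {aud!r}, expected {RESOURCE!r}")
    return Request(TENANTS_URL, data=b"", method="POST",
                   headers={"Authorization": f"Bearer {access_token}"})

def make_sample_token(aud):
    """Constructed, unsigned JWT-shaped string (sample input, not a real token)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'aud': aud})}.sig"

if __name__ == "__main__":
    url, state = authorize_url("00000000-0000-0000-0000-000000000000", "https://localhost/cb")
    print(url)
    print(tenants_request(make_sample_token(RESOURCE)).full_url)
```

The audience check catches the common mistake of sending a Graph token to the management endpoint, and keeps a bearer token from being sent to a host it was not issued for.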
