How to get the domain(s) of a 365 tenant if you have the tenant id?


Currently you can get the tenant id for a given domain associated with a 365 tenant by using the GET response of https://login.microsoftonline.com/{domainname}/.well-known/openid-configuration

However, I haven't been able to find a way to take a given tenant id and get the domain(s) associated with that tenant. Is there a way to get at least the primary domain for a given tenant?

This is assuming no existing partner/reseller relationship with the given tenant, so AFAICT I can't use the id for managed tenants at https://learn.microsoft.com/en-us/graph/api/managedtenants-tenant-get?view=graph-rest-beta&tabs=http

I've tried https://login.microsoftonline.com/{tenant-id}/.well-known/openid-configuration and that gives a response, but nothing seems to include any of the tenant domains nor does it seem to include any pointers to urls that would return it AFAICT.


7
user2250152 On

I'm using the organization endpoint

https://graph.microsoft.com/v1.0/organization

It returns the tenant id and verified domains

{
    "value": [
        {
            "id": "<tenant id>",
            "displayName": "Contoso",
            ...
            "verifiedDomains": [
                {
                    "capabilities": "Email, OrgIdAuthentication",
                    "isDefault": false,
                    "isInitial": false,
                    "name": "contoso.eu",
                    "type": "Managed"
                },
                {
                    "capabilities": "Email, OfficeCommunicationsOnline",
                    "isDefault": false,
                    "isInitial": true,
                    "name": "contoso.onmicrosoft.com",
                    "type": "Managed"
                },
                {
                    "capabilities": "Email, OfficeCommunicationsOnline, OrgIdAuthentication, Yammer",
                    "isDefault": true,
                    "isInitial": false,
                    "name": "contoso.com",
                    "type": "Managed"
                }
            ]
        }
    ]
}

Another option is to use findTenantInformationByTenantId

GET https://graph.microsoft.com/v1.0/tenantRelationships/findTenantInformationByTenantId(tenantId='{id}')

Response

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#microsoft.graph.tenantInformation",
    "tenantId": "xxx",
    "federationBrandName": null,
    "displayName": "Edxxx",
    "defaultDomainName": "edxxx"
}
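
An added example, not part of the answer above: a Python sketch that validates a tenant id before placing it in the findTenantInformationByTenantId URL and summarizes the verifiedDomains list from the organization response. The function names, the capability grouping and the sample tenant id are assumptions made for illustration; the sample data is constructed from the response shown above.

```python
import uuid

GRAPH = "https://graph.microsoft.com/v1.0"

def find_tenant_url(tenant_id):
    """Build the findTenantInformationByTenantId URL; only a GUID is accepted."""
    # uuid.UUID raises ValueError for anything that is not a GUID, and str()
    # re-emits it in canonical form, so caller input never reaches the URL as-is.
    canonical = str(uuid.UUID(tenant_id))
    return (f"{GRAPH}/tenantRelationships/"
            f"findTenantInformationByTenantId(tenantId='{canonical}')")

def _caps(domain):
    # "capabilities" is a comma-separated string in the response shown above.
    return {c.strip() for c in domain.get("capabilities", "").split(",") if c.strip()}

def summarize_domains(org_response):
    """Map each tenant id to its default and initial domain plus two groupings."""
    summary = {}
    for org in org_response.get("value", []):
        domains = org.get("verifiedDomains", [])
        summary[org["id"]] = {
            "default": next((d["name"] for d in domains if d.get("isDefault")), None),
            "initial": next((d["name"] for d in domains if d.get("isInitial")), None),
            "org_id_auth": sorted(d["name"] for d in domains
                                  if "OrgIdAuthentication" in _caps(d)),
            "federated": sorted(d["name"] for d in domains
                                if d.get("type") == "Federated"),
        }
    return summary

# Constructed sample: the tenant id is a placeholder, the domains are from the answer.
SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE = {"value": [{"id": SAMPLE_TENANT, "displayName": "Contoso", "verifiedDomains": [
    {"capabilities": "Email, OrgIdAuthentication", "isDefault": False,
     "isInitial": False, "name": "contoso.eu", "type": "Managed"},
    {"capabilities": "Email, OfficeCommunicationsOnline", "isDefault": False,
     "isInitial": True, "name": "contoso.onmicrosoft.com", "type": "Managed"},
    {"capabilities": "Email, OfficeCommunicationsOnline, OrgIdAuthentication, Yammer",
     "isDefault": True, "isInitial": False, "name": "contoso.com", "type": "Managed"},
]}]}

if __name__ == "__main__":
    print(find_tenant_url(SAMPLE_TENANT))
    print(summarize_domains(SAMPLE))
```
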
0
user23501415 On

The way I do this is by sending a SOAP envelope to https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc.

More specifically, I'm sending these headers:

"Content-Type:text/xml; charset=utf-8" 
'SOAPAction:"http://schemas.microsoft.com/exchange/2010/Autodiscover/Autodiscover/GetFederationInformation"'
"User-Agent:AutodiscoverClient"

And the body of my request contains the following data (before sending, replace the <REPLACE ME> string located in the <Domain> property with the domain of the tenant you're looking for):

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:exm="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:ext="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <soap:Header>
                <a:Action soap:mustUnderstand="1">http://schemas.microsoft.com/exchange/2010/Autodiscover/Autodiscover/GetFederationInformation</a:Action>
                <a:To soap:mustUnderstand="1">https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc</a:To>
                <a:ReplyTo>
                        <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
                </a:ReplyTo>
        </soap:Header>
        <soap:Body>
                <GetFederationInformationRequestMessage xmlns="http://schemas.microsoft.com/exchange/2010/Autodiscover">
                        <Request>
                                <Domain><REPLACE ME></Domain>
                        </Request>
                </GetFederationInformationRequestMessage>
        </soap:Body>
</soap:Envelope>

A sample response would be (the domains will be listed in the <Domains> property):

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:a="http://www.w3.org/2005/08/addressing">
    <s:Header>
        <a:Action s:mustUnderstand="1">http://schemas.microsoft.com/exchange/2010/Autodiscover/Autodiscover/GetFederationInformationResponse</a:Action>
        <h:ServerVersionInfo xmlns:h="http://schemas.microsoft.com/exchange/2010/Autodiscover" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
            <h:MajorVersion>14</h:MajorVersion>
            <h:MinorVersion>19</h:MinorVersion>
            <h:MajorBuildNumber>5532</h:MajorBuildNumber>
            <h:MinorBuildNumber>12</h:MinorBuildNumber>
            <h:Version>Exchange2011</h:Version>
        </h:ServerVersionInfo>
    </s:Header>
    <s:Body>
        <GetFederationInformationResponseMessage xmlns="http://schemas.microsoft.com/exchange/2010/Autodiscover">
            <Response xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
                <ErrorCode>NoError</ErrorCode><ErrorMessage/>
                <ApplicationUri>outlook.com</ApplicationUri>
                <Domains>
                    <Domain><TENANT NAME>.onmicrosoft.com</Domain>
                    <Domain><DOMAIN></Domain>
                    <Domain><TENANT NAME>.mail.onmicrosoft.com</Domain>
                </Domains>
                <TokenIssuers>
                    <TokenIssuer>
                        <Endpoint>https://login.microsoftonline.com/extSTS.srf</Endpoint>
                        <Uri>urn:federation:MicrosoftOnline</Uri>
                    </TokenIssuer>
                </TokenIssuers>
            </Response>
        </GetFederationInformationResponseMessage>
    </s:Body>
</s:Envelope>
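
An added example, not part of the answer above: a Python sketch that builds the GetFederationInformation headers and envelope with the domain XML-escaped, and parses a response namespace-aware, raising when ErrorCode is not NoError. The function names are assumptions, and the sample response is constructed from the one above with placeholder domain names; no request is sent.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

ACTION = ("http://schemas.microsoft.com/exchange/2010/Autodiscover/"
          "Autodiscover/GetFederationInformation")
TO = "https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc"
NS = {"s": "http://schemas.xmlsoap.org/soap/envelope/",
      "ad": "http://schemas.microsoft.com/exchange/2010/Autodiscover"}

def build_request(domain):
    """Return (headers, body); the domain is escaped so it cannot alter the XML."""
    headers = {"Content-Type": "text/xml; charset=utf-8",
               "SOAPAction": f'"{ACTION}"',
               "User-Agent": "AutodiscoverClient"}
    body = f"""<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:exm="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:ext="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:soap="{NS['s']}" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <soap:Header>
    <a:Action soap:mustUnderstand="1">{ACTION}</a:Action>
    <a:To soap:mustUnderstand="1">{TO}</a:To>
    <a:ReplyTo><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo>
  </soap:Header>
  <soap:Body>
    <GetFederationInformationRequestMessage xmlns="{NS['ad']}">
      <Request><Domain>{escape(domain)}</Domain></Request>
    </GetFederationInformationRequestMessage>
  </soap:Body>
</soap:Envelope>"""
    return headers, body

def parse_domains(xml_text):
    """Return the <Domain> values, raising if the service reported an error."""
    root = ET.fromstring(xml_text)
    resp = root.find("s:Body/ad:GetFederationInformationResponseMessage/ad:Response", NS)
    if resp is None:
        raise ValueError("not a GetFederationInformation response")
    code = resp.findtext("ad:ErrorCode", default="", namespaces=NS)
    if code != "NoError":
        message = resp.findtext("ad:ErrorMessage", default="", namespaces=NS)
        raise RuntimeError(f"{code}: {message}")
    return [d.text.strip() for d in resp.iterfind("ad:Domains/ad:Domain", NS) if d.text]

# Constructed sample, modelled on the response above with placeholder domain names.
SAMPLE = f"""<s:Envelope xmlns:s="{NS['s']}"><s:Body>
<GetFederationInformationResponseMessage xmlns="{NS['ad']}"><Response>
<ErrorCode>NoError</ErrorCode><ErrorMessage/>
<Domains><Domain>contoso.onmicrosoft.com</Domain><Domain>contoso.com</Domain>
<Domain>contoso.mail.onmicrosoft.com</Domain></Domains>
</Response></GetFederationInformationResponseMessage></s:Body></s:Envelope>"""

if __name__ == "__main__":
    print(parse_domains(SAMPLE))
```
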