Menu

Virtual Geek

Tales from real IT system administrators world and non-production environment

How to switch to other Azure AD tenant using PowerShell and Azure CLI

This is small guide shows how you can switch or change Azure Active Directory tenant using Powershell and Azure CLI. Before The first step I will show from portal how to switch or change to another domain in Azure active directory. Once you login into portal.azure.com either go into menu and select Azure Active Direcory from list or search for the same in search bar and click on it.

Microsoft Azure active directory all resources portal azure  virtual networks storage accounts virtual machines load balancers azure database sql change directory switch .png

There are 2 ways from the portal to switch to another tenant, As per the screenshot my Starting position is on the Azure Active Directory Overview page.

1st way: Click Switch tenant option.
2nd way: Click on the user id on the top right side, and choose Switch directory.

Microsoft Azure portal switch tenant Azure active directory change active directory tenant global administrator license azure ad premium tenant id external identities roles administrative units app registrations.png

In the switch tenant Select the Azure AD tenant and click switch, when you select it from Directory + subscription wizard double click the directory to choose it.

Microsoft Azure Switch tenant leave tenant make default tenant change directory subscription onmicrosoft.com powershell azurecli az change switch directory default how to.png

You can view the connected Tenant information under Azure Active directory on the Overview page.

vMicrosoft Azure active directory azuread switch tenant subscription global administrator azure ad free primary domain onmicrosoft.com azure ad connect app registrations users aMicrosoft Azure active directory azuread switch tenant subscription global administrator azure ad free primary domain onmicrosoft.com azure ad connect app registrations users and groups.pngnd groups.png

PowerShell az module

The above steps are for GUI version. I was automating few stuff and I wanted to switch to another domain. For the task I chose Powershell az module. Below Powershell cmdlets help to switch to another Azure AD.

Powershell Azure Az module Install-Package cannot convert value 2.0.0-preview to type system.version 

#Below two commands import module az and connects to Azure subscription.
Import-Module az
Connect-AzAccount

#Fetch the list of available Tenant Ids.
Get-AzTenant

#Grab the tenant Id Switch to another active directory tenant.
Set-AzContext -TenantId XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX

#Test and list the users in the directory to verify.
Get-AzADUser

Microsoft Azure powershell module az connect-azaccount get-aztenant set-azcontext tenantid get-azaduser subscriptionid azuercloud userprincipalname azure active directory azuread domains environment accounts users.png

Azure CLI

Next steps are for Azure CLI, Login and get the list of added domain tenants with below commands.

#Azure CLI Login
az login
The default web browser has been opened at https://login.microsoftonline.com/common/oauth2/authorize. Please continue the login in the web browser. If no web browser is available or if the web browser fails to open, use device code flow with `az login --use-device-code`.
You have logged in. Now let us find all the subscriptions to which you have access...
The following tenants don't contain accessible subscriptions. Use 'az login --allow-no-subscriptions' to have tenant level access.
a59fb284-02ec-4a72-a79a-4a6b6105ab9d 'vcloud-lab.com'

#List of the tenants
az account tenant list
The command requires the extension account. Do you want to install it now? The command will continue to run after the extension is installed. (Y/n): Y
Run 'az config set extension.use_dynamic_install=yes_without_prompt' to allow installing extensions without prompt.
The installed extension 'account' is experimental and not covered by customer support. Please use with discretion.
Command group 'account tenant' is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Microsoft Azure active directory az login azurecloud hometenantid tenant id subscription id az account  tenant list sponsership change switch directory azuread.png

Although you can skip above two commands and directly login into required tenant, You can find Primary domain tenant name on the portal.azure.com on the Azure active directory. Just to note, I don't have subscription so I am using the parameter --allow-no-subscriptions.

az login --tenant vcloud-lab.com.onmicrosoft.com --allow-no-subscriptions

Microsoft Azure az login --tenant onmicrosoft.com microsoftonline web browser tenantid cloud name azure cloud switch directory azure active directory.png

Once login is successful on to required subscription, I can test the users list in the given Azure AD tenant.

#list of users list in selected tenant
az ad user list

Microsoft azure active directory az ad user list userprincipal name onmicrosoft.com users list switch directory azuread azurecoloud automation powershell azurecli az cli azcli cloudshell.png

Useful Articles
CREATE NEW NSG (NETWORK SECURITY GROUP - VIRTUAL FIREWALL ACL) ON MICROSOFT AZURE  
POWERSHELL - EXPORT AZURE NSG (NETWORK SECURITY GROUP) RULES TO EXCEL
MICROSOFT AZURE POWERSHELL: CREATING NEW NSG (NETWORK SECURITY GROUP)
MICROSOFT AZURE POWERSHELL: CLONING (COPING) OR IMPORTING EXISTING NSG (NETWORK SECURITY GROUP) FROM EXCEL
Part 1: Create and deploy a website with Microsoft Azure web app service plan
Part 2: Configure a custom domain in Azure Web Apps
Part 3: Uploading to Azure Web Apps Using FTP
Part 4: Add and manage TLS SSL certificates on Azure Web App

Go Back

Comment

Blog Search

Page Views

5926903

Follow me on Blogarama