Share via

Identifier URL extraction from Azure AD EA

Subhra Shankar Banerjee 0 Reputation points
2023-07-18T15:10:20.4266667+00:00

We are trying to extract Identifier URL from Azure AD Enterprise applications list. When we are using the command

"(get-azureadapplications -objectid xxxx).identifieruris", I am getting the output of all Azure AD applications which amounts to 200. But in EA, we have 600 applications which are listed which is not showing up in Azure AD applications commands.

To get the list of URL, I am using the commend as "(get-azureadserviceprinciples -objectid xxxx).identifieruris", but it is not giving any output. How to fix this ?

Windows for business Windows Server User experience PowerShell
Microsoft Security Microsoft Entra Microsoft Entra ID
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Givary-MSFT 35,621 Reputation points Microsoft Employee Moderator
    2023-07-19T08:58:10.17+00:00

    @Subhra Shankar Banerjee Thank you for reaching out to us, As I understand you are trying to extract the identifieruris information for an application using this command Get-AzureADServiceprincipal.

    This attribute identifieruris is available only for the apps which are registered in Azure AD ( i.e. App registration section of Azure AD).

    What is the difference between App registration & Enterprise Application - https://learn.microsoft.com/en-us/answers/questions/270680/app-registration-vs-enterprise-applications refer to this QnA post where one of my colleague explained this in detailed.

    Reference: https://www.youtube.com/watch?v=WVNvoiA_ktw - Azure AD App Registrations, Enterprise Apps and Service Principals

    Identifieruris are visible to the apps which are registered via App registration section of Azure AD/within the app registration look for app manifest option where you will find all the settings of the application.

    Let me know if you have any further questions, feel free to post back.

    Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.

  2. Limitless Technology 44,746 Reputation points
    2023-07-19T12:15:06.4433333+00:00

    Hello there,

    IdentifierUris property should provide the list of URLs associated with the Enterprise Application. However, the correct PowerShell cmdlet for retrieving the list of URLs is Get-AzureADServicePrincipal, not Get-AzureADServicePrinciples.

    Here's the correct PowerShell command to get the list of Identifier URLs for an Azure AD Enterprise Application:

    powershell

    Copy code

    $objectId = "xxxx" # Replace "xxxx" with the Object ID of your Enterprise Application

    $ea = Get-AzureADServicePrincipal -ObjectId $objectId

    $identifierUrls = $ea.IdentifierUris

    Write-Host "Identifier URLs: $identifierUrls"

    Please ensure that you replace "xxxx" with the actual Object ID of your Enterprise Application. If you are still not getting any output, it's possible that there are no Identifier URLs defined for that specific Enterprise Application.

    You can also check the complete properties of the Enterprise Application to see if the IdentifierUris property is available and contains the desired URLs.

    I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.

    Hope this resolves your Query !!

    --If the reply is helpful, please Upvote and Accept it as an answer--

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.