Microsoft Account is considered not an internal account given to Microsoft employee. Microsoft account is associated to external services such as Live Mail, Skype, Xbox or so on. When connecting to Azure AD with Microsoft Account (e.g. LiveID) , you might be get started with Connect-AzureAD to get the tenant ID. Below screen is what you might get.
You are happy to do more with some cmdlets of Azure AD module, e.g Get-AzureAdUser but you always get error message “Error occured while executing GetUsers” along with the return code “Authenticated_Unauthorized“.
Like anyone, you start searching the similar error on Google and find the answer that you need to specify the tenant ID. You then pass the tenant ID to another Connect-AzureAD with the command line below
Connect-AzureAD -TenantId "your_tenant_ID_you've_got"
After executing the command line, you get successful output like this
Account Environment TenantId TenantDomain AccountType ------- ----------- -------- ------------ ----------- email@example.com AzureCloud f8cdef31-a31e-4b4a-93e4-5f571e91255a User
You again do some cmdlets to get some Azure AD information from your AD subscription. Well, if you still follow above steps, I assure 100% you never reach to the target Azure AD. Why? In fact, when you use Connect-AzureAD and type your Microsoft Account, Azure understands by default you try to retrieve the directory where your Microsoft account belongs to. It is not the target Azure AD you need because the user principal name of the required account must be <account>@<tenant_name>.onmicrosoft.com instead of the Live ID account you enter when being asked.
If you need to connect to the target Azure AD, you must specify the correct directory ID of your AD subscription, not the Microsoft Account’s directory. The directory ID can be found via Azure Portal or use PowerShell. For those you are lazy, below script does the job.
$tenantID = (Get-AzureRmSubscription -SubscriptionName "Enterprise Subscription").TenantId Connect-AzureAD -TenantId $tenantID
When executing this script, you are asked to give Azure your credential. Right here Microsoft account can be used. I use SubscriptionName because my account is associated to multiple subscriptions.
This article is just a small tip to help you save time. Once again, if you connect to wrong directory, you will never be authenticated to execute Azure AD cmdlet against that directory.