Get-TenantLocation

1.1

Get-TenantLocation.ps1

                                <#PSScriptInfo

.VERSION 1.1

.GUID dfcbe75b-ea2f-4593-8a86-65a40512c32c

.DESCRIPTION Retrieve tenant service location infomation 

.AUTHOR Aaron Guilmette

.COMPANYNAME Microsoft

.COPYRIGHT 2018

.TAGS tenant location

.LICENSEURI 

.PROJECTURI https://www.undocumented-features.com/2018/10/06/determining-your-office-365-tenant-location/

.ICONURI 

.EXTERNALMODULEDEPENDENCIES 

.REQUIREDSCRIPTS 

.EXTERNALSCRIPTDEPENDENCIES 

.RELEASENOTES

#>

<# 

THIS CODE AND ANY ASSOCIATED INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY 

OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 

IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR

PURPOSE. THE ENTIRE RISK OF USE, INABILITY TO USE, OR RESULTS FROM THE USE OF 

THIS CODE REMAINS WITH THE USER.

Author: Aaron Guilmette

        aaron.guilmette@microsoft.com

#>

<#

.SYNOPSIS

Use this script to add the tenant.mail.onmicrosoft.com proxy address to

mailboxes without the email address policy applied.

.PARAMETER Domain

Specifiess a verified domain in the tenant, such as tenant.onmicrosoft.com or

domain.com.

.NOTES

2023-02-22 - Added script build information for PSGallery

2018-10-11 - Added RealmResponseData query

2018-10-06 - Initial release

.LINK

https://www.undocumented-features.com/2018/10/06/determining-your-office-365-tenant-location/

#>

[CmdletBinding()]

Param (

    [Parameter(Mandatory = $true, ParameterSetName = 'Domain')]

    [string]$Domain,

    [string]$User

)

$RealmResponseData = Invoke-WebRequest -Uri "https://login.microsoftonline.com/getuserrealm.srf?login=user@$($Domain)&xml=1"

If ($RealmResponseData -and $RealmResponseData.StatusCode -eq 200)

{

    # Return namespace type. Valid options are Unknown, Managed, or Federated

    $NameSpaceType = ([xml]($RealmResponseData.Content)).RealmInfo.NameSpaceType

    # Check Retrieve Federation Data

    $FederationData = ([xml]($RealmResponseData.Content)).RealmInfo.FederationBrandName

    If ($NameSpaceType -eq "Federated")

    {

        $FederationEndpoint = ([xml]($RealmResponseData.Content)).RealmInfo.AuthURL.Split("/")[2]

    }

    Else

    {

        $FederationEndpoint = "Not applicable"

    }

    try

    {

        $RealmResponseData = Invoke-WebRequest -Uri "https://login.microsoftonline.com/$($Domain)/v2.0/.well-known/openid-configuration"

        $Content = $RealmResponseData.Content | ConvertFrom-Json

        $TenantData = New-Object PSObject

        $TenantData | Add-Member -MemberType NoteProperty -Name "OrganizationData" -Value $FederationData

        $TenantData | Add-Member -MemberType NoteProperty -Name "DomainName" -Value $Domain

        $TenantData | Add-Member -MemberType NoteProperty -Name "AuthType" -Value $NameSpaceType

        $TenantData | Add-Member -MemberType NoteProperty -Name "FederationEndpoint" -Value $FederationEndpoint

        $TenantData | Add-Member -MemberType NoteProperty -Name "TenantId" -Value $Content.token_endpoint.Split("/")[3]

        $TenantData | Add-Member -MemberType NoteProperty -Name "TenantRegion" -Value $Content.tenant_region_scope

        $TenantData | Add-Member -MemberType NoteProperty -Name "TenantSubRegion" -Value $Content.tenant_region_sub_scope

        $TenantData | Add-Member -MemberType NoteProperty -Name "CloudInstanceName" -Value $Content.cloud_instance_name

        $TenantData

    }

    catch

    {

        if ($_.Exception.ToString() -like "*invalid_tenant*")

        {

            "Domain $($Domain) is not a valid tenant."

        }

        else

        {

            $_.Exception.ToString()

        }

    }

}

else

{

    Write-Error -Message 'Domain could not be verified with the Azure endpoint. Please verify that the domain exists and that https://login.microsoftonline.com are reachable.'

}