Get-MgDomain: How to Retrieve and Manage Domain Details in Microsoft 365
This guide explains how to use the Get-MgDomain cmdlet in Microsoft Graph PowerShell to retrieve information about domains in your Microsoft 365 tenant. Learn how to fetch domain properties, verify domain status, and troubleshoot domain-related issues with practical examples
The Get-MgDomain cmdlet is a powerful tool in the Microsoft Graph PowerShell module designed to retrieve information about the domains in your Microsoft 365 environment. This article will cover the cmdlet syntax, usage examples, tips, possible errors and solutions, and a conclusion to provide a complete understanding of its functionality.
Prerequisites
-
Microsoft Graph PowerShell Module: Ensure you have the Microsoft Graph PowerShell module installed. You can install it using the following command:
Install-Module Microsoft.Graph -Scope CurrentUser -
Permissions: You need the appropriate permissions to execute the Get-MgDomain cmdlet. The required permissions can be either Delegated (for a signed-in user) or Application (for app-only access):
- Delegated Permissions: Directory.Read.All, Domain.Read.All
- Application Permissions: Directory.Read.All, Domain.Read.All
Cmdlet Syntax
Get-MgDomain [-DomainId <String>] [-Property <String[]>] [<CommonParameters>]Parameters:
- -DomainId: Specifies the unique identifier (domain name) of the domain.
- -Property: Specifies properties to include in the response.
Usage Examples
Retrieve All Domains
Get-MgDomainThis command retrieves all domains in the Microsoft 365 environment.
Retrieve a Specific Domain by Domain ID
Get-MgDomain -DomainId "example.com"This command retrieves information about the specified domain. Useful when dealing with multiple domains.
Retrieve Specific Properties of All Domains
Get-MgDomain -Property Id,IsVerified,IsDefaultThis command retrieves only the Id, IsVerified, and IsDefault properties of all domains.
Get All Verified Domains in the Tenant
Get-MgDomain -All | Where-Object { $_.isVerified -eq $true } | Select-Object Id, IsVerified, AuthenticationTypeThis command fetches all domains and filters out only the verified ones, displaying their ID, verification status, and authentication type. This is useful when ensuring only trusted domains are being used.
Cmdlet Tips
- Minimal Properties: Use the -Property parameter to limit the amount of data returned, which can improve performance and reduce the amount of data you need to process.
- Use -All with Filters Cautiously: When using -All, remember that the filtering happens client-side unless you use server-side parameters like -Filter. Always be cautious with large tenants, as -All can increase memory usage significantly.
- The AuthenticationType Property Reveals Domain Trust Mechanism: The AuthenticationType property can help identify if the domain uses Managed, Federated, or Unknown authentication. This is especially useful during hybrid identity setups or SSO configurations.
Possible Errors and Fixes
| Error Message | Cause | Solution |
| Invalid Domain ID | Get-MgDomain : Resource 'example.com' does not exist or one of its queried reference-property objects are not present. | Verify that the domain name is correct and exists in your Microsoft 365 environment. |
| Insufficient Permissions | Get-MgDomain : Insufficient privileges to complete the operation. | Ensure that you have the necessary permissions to execute this cmdlet. Typically, you need to be a Global Administrator or have sufficient directory read permissions. |
| Invalid Filter Syntax | Get-MgDomain : Invalid filter clause. | Verify the OData filter syntax and ensure it complies with the supported query options. Refer to the OData query documentation for more details. |
Frequently Asked Questions
1. What is Get-MgDomain used for?
Get-MgDomain is a Microsoft Graph PowerShell cmdlet used to retrieve details about the domains configured in your Microsoft 365 tenant. It provides information such as verification status, authentication type, and supported services.
2. How can I retrieve all domains in my tenant?
Use the following command to list all domains:
Get-MgDomain -All3. Can I check if a domain is verified?
Yes, you can check the verification status of a domain by retrieving the isVerified property:
Get-MgDomain | Select-Object Id, IsVerified4. How can I fetch detailed properties for a specific domain?
Use the domain’s ID to fetch its detailed properties. Example:
Get-MgDomain -DomainId "<DomainName>"5. Can I use Get-MgDomain to retrieve custom domain verification TXT records?
No. Get-MgDomain only provides basic domain information like ID, verification status, authentication type, etc. To retrieve DNS records for domain verification, use Get-MgDomainVerificationDnsRecord.
6. How can I list only the default domain using Graph PowerShell?
You can run the following command. It returns the domain marked as default in your Microsoft 365 tenant.
Get-MgDomain -All | Where-Object { $_.isDefault -eq $true }AuthenticationType to Determine Domain TypeThe
Get-MgDomain cmdlet includes an AuthenticationType property that indicates whether a domain is Managed (cloud-only) or Federated (using AD FS or another identity provider).This is useful for troubleshooting login flows and planning hybrid or identity migration scenarios.
Before assigning a domain to users, ensure that its
IsVerified property is True and its Status is Active.Using an unverified or pending domain can lead to errors during user creation, email setup, or synchronization.
Conclusion
The Get-MgDomain cmdlet is a versatile and essential tool for managing and retrieving information about domains in a Microsoft 365 environment. By understanding its syntax, usage examples, tips, and how to handle possible errors, you can efficiently manage domain-related tasks. Leveraging this cmdlet allows for better insights and management of your organization's domain configurations.
Related Articles:
Using Get-MgDirectoryRole in Graph PowerShellUsing Get-MgUserLicenseDetail in Graph PowerShell
Using Find-GraphMgCommand in Graph PowerShell
Connect to Microsoft 365 Using PowerShell
How to Create Bulk Users in Office 365 Using Graph PowerShell?
Create Microsoft 365 Group Using Microsoft Graph PowerShell
Block Microsoft 365 User Using Microsoft Graph PowerShell
Assign Microsoft 365 License Using Graph PowerShell
Microsoft 365 User Management Using Graph PowerShell
Checking Group Membership in Microsoft 365
Bulk Assign Microsoft 365 License
Find Inactive Users in Microsoft 365
Using Powershell Graph Search Query
Using Powershell Graph Filter Query
Using Where-Object In Graph PowerShell
Using Expand Property In Graph PowerShell
Using Select Object In Graph PowerShell
Using -Contains Operator In Graph PowerShell
Add User to Multiple Microsoft 365 Groups Using Graph PowerShell
Get Microsoft 365 User Location Using Graph PowerShell
Import Microsoft 365 Groups from CSV File Using Graph PowerShell
Microsoft 365 Group User Import Using Graph PowerShell