azurepowershellmicrosoft-entra-identra

How to list all directory extension definitions within an Entra ID tenant?


How to list all directory extension definitions within an Entra ID tenant.

Get-MgDirectoryObjectAvailableExtension returns only a few directory extension definitions originating from multi-tenant applications:

Return all directory extension definitions that have been registered in a directory, including through multi-tenant apps.

In particular, directory extension definitions created on an application in the tenant aren't returned. They are returned by Get-MgApplicationExtensionProperty -ApplicationId ApplicationId, which requires an application ID.

https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.directoryobjects/get-mgdirectoryobjectavailableextensionproperty?view=graph-powershell-1.0

https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.applications/get-mgapplicationextensionproperty?view=graph-powershell-1.0

enter image description here


Solution

  • To list all directory extension definitions within a Microsoft Entra ID tenant, make use of below PowerShell script as a workaround:

    # Retrieve all applications in the tenant
    $applications = Get-MgApplication
    $allExtensions = @()
    
    # Loop through each application to get its extension properties
    foreach ($app in $applications) {
        $extensions = Get-MgApplicationExtensionProperty -ApplicationId $app.Id
        $allExtensions += $extensions
    }
    
    # Retrieve available extension properties for directory objects
    $directoryExtensions = Get-MgDirectoryObjectAvailableExtensionProperty
    
    # Combine both results
    $allExtensions += $directoryExtensions
    $allExtensions
    

    enter image description here