Source user object id directly instead of with graph (Azure#42374)

azure-sdk · benbp · web-flow · commit 2493a6da4d49 · 2025-08-06T12:19:27.000-07:00
Co-authored-by: Ben Broderick Phillips &lt;bebroder@microsoft.com&gt;
diff --git a/eng/common/TestResources/New-TestResources.ps1 b/eng/common/TestResources/New-TestResources.ps1
@@ -353,15 +353,12 @@ try {
     # Make sure the provisioner OID is set so we can pass it through to the deployment.
     if (!$ProvisionerApplicationId -and !$ProvisionerApplicationOid) {
         if ($context.Account.Type -eq 'User') {
-            # Support corp tenant and TME tenant user id lookups
-            $user = Get-AzADUser -Mail $context.Account.Id
-            if ($null -eq $user -or !$user.Id) {
-                $user = Get-AzADUser -UserPrincipalName $context.Account.Id
-            }
-            if ($null -eq $user -or !$user.Id) {
+            # HomeAccountId format is '<object id>.<tenant id>'
+            $userAccountId = (Get-AzContext).Account.ExtendedProperties.HomeAccountId.Split('.')[0]
+            if ($null -eq $userAccountId) {
                 throw "Failed to find entra object ID for the current user"
             }
-            $ProvisionerApplicationOid = $user.Id
+            $ProvisionerApplicationOid = $userAccountId
         } elseif ($context.Account.Type -eq 'ServicePrincipal') {
             $sp = Get-AzADServicePrincipal -ApplicationId $context.Account.Id
             $ProvisionerApplicationOid = $sp.Id
@@ -431,17 +428,14 @@ try {
             Write-Warning "The specified TestApplicationId '$TestApplicationId' will be ignored when -ServicePrincipalAutth is not set."
         }
 
-        # Support corp tenant and TME tenant user id lookups
-        $userAccount = (Get-AzADUser -Mail (Get-AzContext).Account.Id)
-        if ($null -eq $userAccount -or !$userAccount.Id) {
-            $userAccount = (Get-AzADUser -UserPrincipalName (Get-AzContext).Account)
-        }
-        if ($null -eq $userAccount -or !$userAccount.Id) {
+        $userAccountName = (Get-AzContext).Account.Id
+        # HomeAccountId format is '<object id>.<tenant id>'
+        $userAccountId = (Get-AzContext).Account.ExtendedProperties.HomeAccountId.Split('.')[0]
+        if ($null -eq $userAccountId) {
             throw "Failed to find entra object ID for the current user"
         }
-        $TestApplicationOid = $userAccount.Id
+        $TestApplicationOid = $userAccountId
         $TestApplicationId = $testApplicationOid
-        $userAccountName = $userAccount.UserPrincipalName
         Log "User authentication with user '$userAccountName' ('$TestApplicationId') will be used."
     }
     # If user has specified -ServicePrincipalAuth
