Public/generated/Get-KriticalUtcmAADDomain.ps1

# Kritical.PS.UTCM | Microsoft Graph UTCM REST API toolkit
# (c) 2026 Kritical Pty Ltd | https://kritical.net
# Kritical brand banner is rendered at module load via Write-KriticalUtcmBanner.

function Get-KriticalUtcmAADDomain {
<#
.SYNOPSIS
    Kritical.UTCM shim for the M365DSC resource AADDomain.

.DESCRIPTION
    Drop-in rename target: a caller that currently runs
        Get-M365DSCAADDomain -Credential $cred -TenantId $tid
    can switch to
        Get-KriticalUtcmAADDomain -Credential $cred -TenantId $tid
    without further edits. The parameter shape follows the M365DSC
    .schema.mof. By default -PreferM365DscBehavior is true.

    This function performs no Graph call itself. It hands the parameters the
    caller actually bound ($PSBoundParameters) to
    Invoke-KriticalUtcmM365DscSchemaBridge, which maps the resource to a Graph
    endpoint per per-resource wave. Where a mapping has not shipped yet, the
    bridge returns an object with Verdict='UNMAPPED'.

.NOTES
    Workload: Entra
    Param count: 18

    NOTE(review): -Credential, -ApplicationSecret and -CertificatePassword are
    declared [string]. The -CertificatePassword description speaks of a
    username/password pair, and the example above passes $cred; if callers
    hand in a PSCredential object, PowerShell's conversion to [string] binds
    the object's type name, not the secret. Confirm what the bridge expects
    before relying on the "no further edits" claim for authenticated calls.

    NOTE(review): all bound values, including the secret-bearing parameters,
    are forwarded as-is in -CallerParams. Verify that the bridge does not
    write CallerParams to verbose/debug output, transcripts or error records.

    NOTE(review): -ManagedIdentity is [bool], so it needs an explicit value
    (-ManagedIdentity $true); a bare -ManagedIdentity does not bind. Confirm
    this matches existing call sites.

    NOTE(review): -PreferM365DscBehavior is mentioned above but is not declared
    in this param block; presumably it is a bridge-level default. Confirm.
#>

    [CmdletBinding()]
    param(
        # Custom domain name.
        [Parameter(Mandatory)]
        [string]$Id,

        # Indicates the configured authentication type for the domain. The value is either Managed or Federated. Managed indicates a cloud managed domain where Microsoft Entra ID performs user authentication. Federated indicates authentication is federated with an identity provider such as the tenant's on-premises Active Directory via Active Directory Federation Services.
        [string]$AuthenticationType,

        # This property is always null except when the verify action is used. When the verify action is used, a domain entity is returned in the response. The availabilityStatus property of the domain entity in the response is either AvailableImmediately or EmailVerifiedDomainTakeoverScheduled.
        [string]$AvailabilityStatus,

        # The value of the property is false if the DNS record management of the domain is delegated to Microsoft 365. Otherwise, the value is true. Not nullable.
        [bool]$IsAdminManaged,

        # True if this is the default domain that is used for user creation. There's only one default domain per company. Not nullable.
        [bool]$IsDefault,

        # True if the domain is a verified root domain. Otherwise, false if the domain is a subdomain or unverified. Not nullable.
        [bool]$IsRoot,

        # True if the domain completed domain ownership verification. Not nullable.
        [bool]$IsVerified,

        # Specifies the number of days before a user receives notification that their password expires. If the property isn't set, a default value of 14 days is used.
        [int]$PasswordNotificationWindowInDays,

        # Specifies the length of time that a password is valid before it must be changed. If the property isn't set, a default value of 90 days is used.
        [int]$PasswordValidityPeriodInDays,

        # Present ensures the instance exists, absent ensures it is removed.
        [ValidateSet('Absent','Present')]
        [string]$Ensure,

        # Credentials of the workload's Admin.
        [string]$Credential,

        # Id of the Azure Active Directory application to authenticate with.
        [string]$ApplicationId,

        # Id of the Azure Active Directory tenant used for authentication.
        [string]$TenantId,

        # Secret of the Azure Active Directory application to authenticate with.
        [string]$ApplicationSecret,

        # Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.
        [string]$CertificateThumbprint,

        # Username can be made up to anything but password will be used for CertificatePassword.
        [string]$CertificatePassword,

        # Path to certificate used in service principal, usually a PFX file.
        [string]$CertificatePath,

        # Managed ID being used for authentication.
        [bool]$ManagedIdentity
    )

    # Only parameters the caller explicitly supplied are in $PSBoundParameters,
    # so unset [bool]/[int] parameters are not sent to the bridge as false/0.
    $bridgeArguments = @{
        ResourceName = 'AADDomain'
        Workload     = 'Entra'
        Verb         = 'Get'
        CallerParams = $PSBoundParameters
    }

    Invoke-KriticalUtcmM365DscSchemaBridge @bridgeArguments
}