Assign an specific user to many projects with Azure DEVOPS CLI

To add a user to all projects in your organization using Azure DevOps CLI, you can refer to the followings.

Prerequisites

• Ensure the user has been added into your organization. If not, you can add the user from UI or using DevOps CLI az devops user add.
• You must be a member of the Project Collection Administrators group.

Steps

1. Run az devops project list to get all the project id.
2. Run az devops security group list to get the descriptor of the target group to which you want to add the user.
3. Run az devops security group membership add to add the user to the target group.

Sample

The following PowerShell scripts add the user to the Readers group of all projects. Replace the value of userEmail, organization, AZURE_DEVOPS_EXT_PAT and displayName based on your requirement.

# Define user and organization details
$userEmail = "{The user email}"
$organization = "{Org name}"

# Define Personal Access Token (PAT) as environment variable for authentication
$env:AZURE_DEVOPS_EXT_PAT = '{PAT}'

# Get list of all projects in the organization
$projects = az devops project list --organization https://dev.azure.com/$organization | ConvertFrom-Json

# Loop through each project
foreach ($project in $projects.value) {
    $projectId = $project.id

    # Get the Readers group descriptor for the project
    $groupid = az devops security group list --organization https://dev.azure.com/$organization --project $projectId --query "graphGroups[?displayName=='Readers'].descriptor| [0]"

    # Add the user to the Readers group
    az devops security group membership add --group-id $groupid --member-id $userEmail --org https://dev.azure.com/$organization
}