skip to Main Content

In my powershell script, I have used Get-AzADApplication (from Az.resources module) to get an Enterprise Application. I can see the particular approle I am interested in (with an ID) in the result. How can I then get all the users and groups that has the appRoles?

From the portal, looks like ManagedApplications//AppRoleAssignments was used to fetch that info. What’s the powershell equivalent?

2

Answers


  1. You can use below powershell command to retrieve the application role assignments for a service principal.

    Get-AzureADServiceAppRoleAssignment -ObjectId $ServicePrincipalId

    Below image shows the users assigned the app roles.

    enter image description here

    enter image description here

    Login or Signup to reply.
  2. To get all the users and groups that has the appRoles:

    Use below command to achieve the expected results.

    For Users:

    Get-AzRoleAssignment | Where-Object {$_.objecttype -eq "User"} | select RoleDefinitionName,ObjectType,DisplayName
    

    enter image description here

    For Groups:

    Get-AzRoleAssignment | Where-Object {$_.objecttype -eq "Group"} | select RoleDefinitionName,ObjectType,DisplayName
    

    enter image description here

    Refer Get-AzRoleAssignment Azure PowerShell Command.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search