
I am trying to find a way to check the AD roles attached to a user. After a lot of reading, it seems like there is no CLI call that can provide this information. The workaround I am thinking of is to list all the users who have the "Global Administrator" permission in the AD role. Is there an Azure CLI call that can help with getting this information? I tried the calls in az ad user, but none of them have the information I am looking for.

2 Answers


  1. Here is a PowerShell and Graph API example of how you can do that.

  2. I agree with @Panagiotis Kanavos, you can make use of HTTP requests by calling them from Azure CLI.

    You can use the below MS Graph query to get the list of users with the Global Administrator role:

    GET https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments?$filter=roleDefinitionId eq '62e90394-69f5-4237-9190-012177145e10'
    

    To call the above query from Azure CLI, you can use the az rest command like below:

    az rest --method get --url "https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments?$filter=roleDefinitionId eq '62e90394-69f5-4237-9190-012177145e10'"
    

    I tried to reproduce the same in my environment and got the below results:

    I have the below users in my tenant, assigned the Global Administrator role:

    enter image description here

    To get these results from Azure CLI, I ran the below command:

    az rest --method get --url "https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments?$filter=roleDefinitionId eq '62e90394-69f5-4237-9190-012177145e10'"
    

    Response:

    enter image description here
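
An added example, not part of either answer: a POSIX shell wrapper around the `az rest` call above that also resolves each returned `principalId` to a user principal name with `az ad user show`. The function names and the script name are hypothetical, and it assumes a prior `az login` with permission to read directory role assignments; in sh/bash the `$filter` in the URL is escaped so the shell does not expand it.

```shell
#!/bin/sh
# Added example (not from the answers). Function names are hypothetical.
# Assumes `az login` was done with permission to read directory role assignments.

# Global Administrator role template ID, as given in the answer above.
GLOBAL_ADMIN_ROLE_ID='62e90394-69f5-4237-9190-012177145e10'

# Build the Graph URL for one role definition ID.
# \$filter stays literal (an unescaped $filter inside double quotes would be
# expanded to an empty string by sh/bash); spaces are percent-encoded.
role_assignments_url() {
    printf '%s' "https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments?\$filter=roleDefinitionId%20eq%20'$1'"
}

# Print one principalId per line for the given role definition ID.
list_role_principal_ids() {
    az rest --method get --url "$(role_assignments_url "$1")" \
        --query 'value[].principalId' --output tsv
}

# Map a principalId to a userPrincipalName. Role assignments can also point at
# groups or service principals, which `az ad user show` cannot resolve.
resolve_principal() {
    az ad user show --id "$1" --query userPrincipalName --output tsv \
        </dev/null 2>/dev/null || printf 'unresolved principal %s\n' "$1"
}

# One line per Global Administrator assignment: a UPN, or the raw ID if unresolved.
list_global_admins() {
    list_role_principal_ids "$GLOBAL_ADMIN_ROLE_ID" | while IFS= read -r pid; do
        if [ -n "$pid" ]; then resolve_principal "$pid"; fi
    done
}

# Run as: sh list-global-admins.sh run
if [ "${1:-}" = "run" ]; then list_global_admins; fi
```

Lines reported as unresolved are worth reviewing separately: a group or service principal holding Global Administrator will not appear in a user-only listing.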
