Forum Discussion
Need help listing the Azure Entra ID groups associated with the appid / registered application
I need to write a script to list the groups associated with an application using PowerShell, please help
Hello again venkatchandra2024!
If you run the following instead then you will get the Name of the group or user that is assigned to the application in a nice list 🙂
Connect-MgGraph -Scope "Application.Read.All"
$ServicePrincipalId = "<YourEnterpriseAppObjectID>"
Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $ServicePrincipalId | select PrincipalDisplayName, PrincipalType
So all you need to edit is the last command. And your output will look like this
Let me know how it goes!
Kind Regards
Oliwer Sundgren
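Since the question starts from the application (client) ID of a registered app rather than the enterprise app's object ID, here is an added example (not code from the thread or its authors) that resolves the AppId to its service principal, pages through every assignment, and keeps only the groups, showing which app role each group holds. It assumes the Microsoft.Graph PowerShell module is installed and the signed-in account can consent to Application.Read.All.

```powershell
# Added example, not from the thread: list groups assigned to an enterprise app,
# starting from the Application (client) ID of the app registration.
param(
    [Parameter(Mandatory = $true)]
    [string]$AppId   # Application (client) ID, as shown on the app registration
)

Connect-MgGraph -Scopes "Application.Read.All" -NoWelcome

# Resolve the registration's AppId to the enterprise app (service principal) object.
$sp = Get-MgServicePrincipal -Filter "appId eq '$AppId'"
if (-not $sp) {
    throw "No service principal found for appId '$AppId' in this tenant."
}

# Map AppRoleId -> role display name so the output shows what each group was granted.
# The all-zeros GUID is what Entra uses when the app defines no roles ("Default Access").
$roleNames = @{ "00000000-0000-0000-0000-000000000000" = "Default Access" }
foreach ($role in $sp.AppRoles) { $roleNames[$role.Id] = $role.DisplayName }

# -All pages through every assignment; without it only the first page is returned.
Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
    Where-Object { $_.PrincipalType -eq 'Group' } |
    ForEach-Object {
        [pscustomobject]@{
            GroupName  = $_.PrincipalDisplayName
            GroupId    = $_.PrincipalId
            AppRole    = $roleNames[$_.AppRoleId]
            AssignedOn = $_.CreatedDateTime
        }
    } | Sort-Object GroupName
```

Run per application, this doubles as a quick access review of which groups can sign in to the app; note that the transitive membership of those groups is not expanded here.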
8 Replies
- venkatchandra2024 (Copper Contributor): Thank you for your response, I am getting an error, really appreciate your response
Connect-AzureAD
ServicePrincipalId = "294bc209-xxxxxxxxxxxxxxxxxxxxxxxxxxx"
Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $ServicePrincipalId
Connect-AzureAD : The 'Connect-AzureAD' command was found in the module 'AzureAD', but the module could not be loaded. For more information, run 'Import-Module AzureAD'.
At line:1 char:1
+ Connect-AzureAD
+ ~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Connect-AzureAD:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CouldNotAutoloadMatchingModule
ServicePrincipalId : The term 'ServicePrincipalId' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was
included, verify that the path is correct and try again.
At line:2 char:1
+ ServicePrincipalId = "294bc209-d89e-4f91-a346-31fe83b64c3d"
+ ~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (ServicePrincipalId:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
Get-MgServicePrincipalAppRoleAssignedTo : Cannot bind argument to parameter 'ServicePrincipalId' because it is an empty string.
At line:3 char:61
+ ... icePrincipalAppRoleAssignedTo -ServicePrincipalId $ServicePrincipalId
+ ~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Get-MgServicePrincipalAppRoleAssignedTo], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyStringNotAllowed,Get-MgServicePrincipalAppRoleAssignedTo
here is the script I am running.
- oliwer_sundgren (Steel Contributor)
No worries! 🙂 venkatchandra2024
You will need to connect to Graph and not Azure AD.
Try and run the following lines and it should work 🙂
If you get an error that you don't have permissions, let me know and I will guide you on how to grant your account the needed access
Connect-MgGraph -Scope "Application.Read.All"
$ServicePrincipalId = "<YourEnterpriseAppObjectID>"
Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $ServicePrincipalId
- venkatchandra2024 (Copper Contributor): Thank you for the response, this query is returning results with PrincipalId and PrincipalType, I want group names for an application, removed returned data
DeletedDateTime Id AppRoleId CreatedDateTime PrincipalDisplayName PrincipalId PrincipalType
--------------- -- --------- --------------- -------------------- ----------- -------------
- oliwer_sundgren (Steel Contributor)
Hello venkatchandra2024!
You should be able to do this with a Graph API call.
Try doing a GET to the following
Replace [ID] with the actual Object ID of the Enterprise App you want to check
https://graph.microsoft.com/beta/servicePrincipals/[ID]/appRoleAssignments
for example
https://graph.microsoft.com/beta/servicePrincipals/0000000-0000-0000-0000-000000000000/appRoleAssignments
Let me know if this helps or if you need further assistance!
Kind Regards
Oliwer Sundgren
- venkatchandra2024 (Copper Contributor)
oliwer_sundgren Thank you for the response, I will try through REST.
I still want to write a PowerShell program using Azure Graph due to access issues
- oliwer_sundgren (Steel Contributor)
No problem venkatchandra2024 hope it helps 🙂
If you want to do it with a Graph Powershell cmdlet then you could try the following
$ServicePrincipalId = "<YourEnterpriseAppObjectID>"
Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $ServicePrincipalId
If this works for you feel free to mark my response as "Best response"
Cheers
Oliwer Sundgren