Forum Discussion
need help on list of Azure entra id groups associated for the appid / registered application
- Aug 15, 2024
Hello again venkatchandra2024!
If you run the following instead then you will get the Name of the group or user that is assigned to the application in a nice list 🙂
Connect-MgGraph -Scope "Application.Read.All"
$ServicePrincipalId = "<YourEnterpriseAppObjectID>"
Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $ServicePrincipalId | select PrincipalDisplayName, PrincipalType
So all you need to edit is the last command. And your output will look like this
Let me know how it goes!
Kind Regards
Oliwer Sundgren
Connect-AzureAD
ServicePrincipalId = "294bc209-xxxxxxxxxxxxxxxxxxxxxxxxxxx"
Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $ServicePrincipalId
Connect-AzureAD : The 'Connect-AzureAD' command was found in the module 'AzureAD', but the module could not be loaded. For more information, run 'Import-Module AzureAD'.
At line:1 char:1
+ Connect-AzureAD
+ ~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Connect-AzureAD:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CouldNotAutoloadMatchingModule
ServicePrincipalId : The term 'ServicePrincipalId' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was
included, verify that the path is correct and try again.
At line:2 char:1
+ ServicePrincipalId = "294bc209-d89e-4f91-a346-31fe83b64c3d"
+ ~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (ServicePrincipalId:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
Get-MgServicePrincipalAppRoleAssignedTo : Cannot bind argument to parameter 'ServicePrincipalId' because it is an empty string.
At line:3 char:61
+ ... icePrincipalAppRoleAssignedTo -ServicePrincipalId $ServicePrincipalId
+ ~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Get-MgServicePrincipalAppRoleAssignedTo], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyStringNotAllowed,Get-MgServicePrincipalAppRoleAssignedTo
here is the script I am running.
- oliwer_sundgren Aug 14, 2024 Iron Contributor
No worries! 🙂 venkatchandra2024
You will need to connect to Graph and not Azure AD.
Try and run the following lines and it should work 🙂
If you get an error that you don't have permissions, let me know and I will guide you on how to grant your account the needed accesses.
Connect-MgGraph -Scope "Application.Read.All"
$ServicePrincipalId = "<YourEnterpriseAppObjectID>"
Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $ServicePrincipalId
- venkatchandra2024 Aug 14, 2024 Copper Contributor
Thank you for the response. This query is returning a result with PrincipalId and Principal type; I want group names for an application. Removed returned data.
DeletedDateTime Id AppRoleId CreatedDateTime PrincipalDisplayName PrincipalId PrincipalType
--------------- -- --------- --------------- -------------------- ----------- -------------
- oliwer_sundgren Aug 15, 2024 Iron Contributor
Hello again venkatchandra2024!
If you run the following instead then you will get the Name of the group or user that is assigned to the application in a nice list 🙂
Connect-MgGraph -Scope "Application.Read.All"
$ServicePrincipalId = "<YourEnterpriseAppObjectID>"
Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $ServicePrincipalId | select PrincipalDisplayName, PrincipalType
So all you need to edit is the last command. And your output will look like this
Let me know how it goes!
Kind Regards
Oliwer Sundgren
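Added example, not part of any reply in this thread: the thread title starts from an appId, while the commands above need the enterprise application's object ID, so this sketch resolves one from the other and lists only the groups assigned, with the app role each holds. `<YourApplicationClientId>` is a placeholder and the "Default Access" label is this example's own naming for the all-zero role ID.

```powershell
# Added example (not from the thread). Read-only scope is enough for this review.
Connect-MgGraph -Scopes "Application.Read.All"

# Placeholder: the appId (client ID) of the registered application.
$AppId = "<YourApplicationClientId>"

# Resolve the enterprise application (service principal) behind the appId.
$sp = Get-MgServicePrincipal -Filter "appId eq '$AppId'"
if (-not $sp) {
    throw "No service principal found for appId $AppId in this tenant."
}

# Map app role IDs to readable names. The all-zero GUID is what an assignment
# carries when the principal was assigned without a specific app role.
$roleNames = @{ '00000000-0000-0000-0000-000000000000' = 'Default Access' }
foreach ($role in $sp.AppRoles) {
    $roleNames[$role.Id] = $role.DisplayName
}

# -All follows paging so large assignment lists are not silently truncated.
# Keep only group principals and show which role each group holds.
Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
    Where-Object PrincipalType -eq 'Group' |
    Select-Object PrincipalDisplayName, PrincipalId,
        @{ Name = 'AppRole'; Expression = { $roleNames[[string]$_.AppRoleId] } },
        CreatedDateTime |
    Sort-Object PrincipalDisplayName
```

Dropping the `Where-Object` line returns users and service principals as well, which is the view to use when reviewing everything that has access to the application.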