Forum Discussion

venkatchandra2024's avatar
venkatchandra2024
Copper Contributor
Aug 13, 2024
Solved

need help on list of Azure entra id groups associated for the appid / registered application

I need to write a script to list  groups  associated with application using PowerShell , please  help  
ad group for the appid
  • oliwer_sundgren's avatar
    oliwer_sundgren
    Aug 15, 2024

    Hello againvenkatchandra2024 ! 

     

    If you run the following instead then you will get the Name of the group or user that is assigned to the application in a nice list 🙂 

     

     

    Connect-MgGraph -Scope "Application.Read.All"
$ServicePrincipalId = "<YourEnterpriseAppObjectID>"
Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $ServicePrincipalId | select PrincipalDisplayName, PrincipalType

     

     

    So all you need to edit is the last command. And your output will look like this 

     

     

    Let me know how it goes! 

     

    Kind Regards
    Oliwer Sundgren

     

oliwer_sundgren's avatar
oliwer_sundgren
Iron Contributor
Aug 14, 2024

No worries! 🙂 venkatchandra2024 

 

You will need to connect to Graph and not Azure AD. 

Try and run the following lines and it should work 🙂 

 

If you get an error that you dont have permissions let me know and I will guide you on how to grant your account the needed accesses

 

Connect-MgGraph -Scope "Application.Read.All"
$ServicePrincipalId = "<YourEnterpriseAppObjectID>"
Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $ServicePrincipalId

 

venkatchandra2024's avatar
venkatchandra2024
Copper Contributor
Aug 14, 2024
Thank you for the response this query returning result witth PrincipleId and Princle type, I want group names for an application , removed retuned data
DeletedDateTime Id AppRoleId CreatedDateTime PrincipalDisplayName PrincipalId PrincipalType
--------------- -- --------- --------------- -------------------- ----------- -------------
  • oliwer_sundgren's avatar
    oliwer_sundgren
    Iron Contributor
    Aug 15, 2024

    Hello againvenkatchandra2024 ! 

     

    If you run the following instead then you will get the Name of the group or user that is assigned to the application in a nice list 🙂 

     

     

    Connect-MgGraph -Scope "Application.Read.All"
$ServicePrincipalId = "<YourEnterpriseAppObjectID>"
Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $ServicePrincipalId | select PrincipalDisplayName, PrincipalType

     

     

    So all you need to edit is the last command. And your output will look like this 

     

     

    Let me know how it goes! 

     

    Kind Regards
    Oliwer Sundgren

     

    • venkatchandra2024's avatar
      venkatchandra2024
      Copper Contributor
      Aug 15, 2024
      Thank you for the response, Can I pass Appname instedy of $ServicePrincipalId = "<YourEnterpriseAppObjectID>"

      Connect-MgGraph -Scope "Application.Read.All"
      $appName= "<YourEnterpriseAppObjectID>"
      Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $ServicePrincipalId | select PrincipalDisplayName, PrincipalType

Resources