SOLVED

How to list Azure AD groups for a Service Principal using PowerShell

Contributor

Hi,

I want to fetch the list of Azure AD groups which are assigned/added as member for a service principal.

I am using the below script, but it is taking too much time due to the for loop checking each AD group. Can you please suggest any other way we can do this in an optimized manner?

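```powershell
# Enumerate every group in the tenant, then check each one's members (slow: one call per group).
$ADGroups = Get-AzADGroup
foreach ($ADGroup in $ADGroups)
{
    # Direct members of this group that are service principals
    $GroupMembers = Get-AzADGroupMember -ObjectId $ADGroup.Id | Where-Object { $_.Type -eq "ServicePrincipal" }

    # Keep only the service principal of interest
    $GroupMember = $GroupMembers | Where-Object { $_.DisplayName -eq "xxxxxxxxx" }
    if ($GroupMember)
    {
        $string = [pscustomobject]@{
            "ServicePrincipalName" = $GroupMember.DisplayName
            "ADGroupName"          = $ADGroup.DisplayName
        }
        $string
    }
}
```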
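1 Reply
best response confirmed by Brahmaiah (Contributor)

Use the Graph API: https://docs.microsoft.com/en-us/graph/api/serviceprincipal-list-transitivememberof?view=graph-rest-1.0&tabs=http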
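
An added example (not code from the thread) that replaces the per-group loop with a query to the Microsoft Graph `transitiveMemberOf` endpoint for service principals, which also returns memberships inherited through nested groups. It assumes the Microsoft.Graph.Authentication module is installed and that the listed read-only scopes suffice in your tenant; the function name `Get-ServicePrincipalGroup` and the extra output columns are hypothetical.

```powershell
# Added example, not code from the thread. Requires the Microsoft.Graph.Authentication module.
# Assumption: these read-only delegated scopes are enough in your tenant.
Connect-MgGraph -Scopes 'Application.Read.All', 'GroupMember.Read.All'

function Get-ServicePrincipalGroup {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string] $DisplayName   # same lookup key the question's script uses
    )

    $base = 'https://graph.microsoft.com/v1.0'

    # Escape single quotes for OData, then URL-encode the whole filter expression.
    $escaped = $DisplayName.Replace("'", "''")
    $filter  = [uri]::EscapeDataString("displayName eq '$escaped'")
    $uri     = "$base/servicePrincipals?`$filter=$filter&`$select=id,displayName"

    # Display names are not unique, so every matching service principal is reported.
    $principals = (Invoke-MgGraphRequest -Method GET -Uri $uri).value

    foreach ($sp in $principals) {
        # One request per result page, instead of one request per group in the tenant.
        $next = "$base/servicePrincipals/$($sp.id)/transitiveMemberOf"
        while ($next) {
            $page = Invoke-MgGraphRequest -Method GET -Uri $next
            foreach ($obj in $page.value) {
                # The endpoint can also return directory roles; keep groups only.
                if ($obj.'@odata.type' -ne '#microsoft.graph.group') { continue }
                [pscustomobject]@{
                    ServicePrincipalName = $sp.displayName
                    ServicePrincipalId   = $sp.id
                    ADGroupName          = $obj.displayName
                    ADGroupId            = $obj.id
                }
            }
            # Follow server-side paging until no further link is returned.
            $next = $page.'@odata.nextLink'
        }
    }
}

Get-ServicePrincipalGroup -DisplayName 'xxxxxxxxx' | Sort-Object ADGroupName
```

Because the result is transitive, it can list groups that the original loop over direct members would not show, which matters when reviewing what a service principal can actually reach.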