script to fetch Azure AD Applications and associated user and groups details in the tenant


Hi Team,

Please help in fetching user and group details for all the registered applications in Azure Tenant to CSV.

I was successful in listing out the applications using Get-AzureADApplication, but I am unable to get the user- and group-related properties for the listed applications.

$_.AppRoles gives the display name as "User" but not "xyz@contoso.com". Please advise.

Regards,

Sivapratap

1 Reply

Your best option is to use the Get-AzureADServicePrincipal cmdlet - Get-AzureADApplication only returns applications your company has registered. As for the permissions/user assignments, Get-AzureADServicePrincipalOAuth2PermissionGrant is a good start, then you can add the missing information via other cmdlets. I have a sample script for this here: https://gallery.technet.microsoft.com/Azure-AD-Integrated-44658ec2?redir=0
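The approach described in the reply, as an added example that is not part of the original thread and is not the linked gallery script: it walks every service principal, reads the users and groups assigned to it with Get-AzureADServiceAppRoleAssignment, resolves users to their UPN, and writes one CSV row per assignment. It assumes the AzureAD module is installed and the account can read directory objects; the output path and the "Default Access" label for assignments without a named role are choices made here.

```powershell
# Added example: inventory of user/group assignments per enterprise application.
Import-Module AzureAD
Connect-AzureAD | Out-Null

$outFile = '.\AppAssignments.csv'   # hypothetical output path

$rows = foreach ($sp in Get-AzureADServicePrincipal -All $true) {
    # Map this application's role IDs to their display names.
    $roleNames = @{}
    foreach ($role in $sp.AppRoles) { $roleNames[$role.Id] = $role.DisplayName }

    # Assignments where this service principal is the resource,
    # i.e. the users, groups and apps that were granted access to it.
    foreach ($a in Get-AzureADServiceAppRoleAssignment -ObjectId $sp.ObjectId -All $true) {
        $upn = $null
        if ($a.PrincipalType -eq 'User') {
            try {
                $upn = (Get-AzureADUser -ObjectId $a.PrincipalId).UserPrincipalName
            } catch {
                $upn = '<not resolved>'   # e.g. the user was deleted after assignment
            }
        }

        # Assignments made without a specific role have no matching AppRoles entry.
        $roleName = $roleNames[$a.Id]
        if (-not $roleName) { $roleName = 'Default Access' }

        [pscustomobject]@{
            Application       = $sp.DisplayName
            AppId             = $sp.AppId
            PrincipalType     = $a.PrincipalType          # User, Group or ServicePrincipal
            PrincipalName     = $a.PrincipalDisplayName
            UserPrincipalName = $upn
            PrincipalObjectId = $a.PrincipalId
            AppRole           = $roleName
            AssignedOn        = $a.CreationTimestamp
        }
    }
}

$rows | Export-Csv -Path $outFile -NoTypeInformation -Encoding UTF8
```

Applications that do not require assignment produce no rows here, since anyone in the tenant can sign in to them without an explicit entry; delegated consent for those is what Get-AzureADServicePrincipalOAuth2PermissionGrant reports.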