{"id":11,"date":"2021-05-20T08:52:00","date_gmt":"2021-05-20T08:52:00","guid":{"rendered":""},"modified":"2021-09-23T18:05:30","modified_gmt":"2021-09-23T16:05:30","slug":"azure-active-directory-commands","status":"publish","type":"post","link":"http:\/\/panahy.nl\/index.php\/2021\/05\/20\/azure-active-directory-commands\/","title":{"rendered":"Azure Active Directory Commands"},"content":{"rendered":"<p>You can read registrations in AAD even if you do not have enough permissions to do that from the Azure Portal. You can, for example, request the names of the groups you are in, or even the members of a group or an application.<\/p>\n<p>The first thing you need to do in PowerShell is make sure the Azure AD module is installed. Then you need to log in to your Azure AD:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\"># Connect to Azure AD\r\nConnect-AzureAD\r\n# In case Connect-AzureAD is not recognized as a cmdlet, install the module first:\r\n# Install-Module AzureAD -Force<\/pre>\n<p>Now you can query the AAD. 
The following are some samples:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"powershell\"># Which applications do I have app role assignments in?\r\nGet-AzureADUser -SearchString \"Pouya Panahy\" | Get-AzureADUserAppRoleAssignment -All $true\r\n\r\n# Get the list of groups that I am a member of\r\nGet-AzureADUser -SearchString \"Pouya Panahy\" `\r\n  | Get-AzureADUserMembership -All $true `\r\n  | Sort-Object -Property DisplayName\r\n\r\n# Which roles are assigned to me directly?\r\n# (Get-AzRoleAssignment is part of the Az module; sign in with Connect-AzAccount first)\r\nGet-AzRoleAssignment -SignInName 'p.panahy@company.nl'\r\n\r\n# Show all role assignments I have, including those inherited through group membership\r\nGet-AzRoleAssignment -SignInName 'p.panahy@company.nl' -ExpandPrincipalGroups  `\r\n | Sort-Object -Property DisplayName `\r\n | Select-Object ObjectType, RoleDefinitionName, DisplayName, Scope `\r\n | Format-Table\r\n\r\n# Is my application registered? (lists the objects I created)\r\nGet-AzureADUser -SearchString \"Pouya Panahy\" `\r\n | Get-AzureADUserCreatedObject -All $true `\r\n | Sort-Object -Property ObjectType `\r\n | Select-Object ObjectType, AppId, DisplayName, HomePage, IdentifierUris `\r\n | Format-Table\r\n\r\n# Look for an application that someone else has registered\r\nGet-AzureADServicePrincipal -All $true -Filter \"startswith(DisplayName, 'AppName')\"\r\n\r\n# Who has access to my resources in a given resource group?\r\nGet-AzRoleAssignment -Scope \"\/subscriptions\/xxxxxxxx-xxxx-xxxx-dxxx-xxxxxxxxxxxx\/resourceGroups\/res-grp-name\"  `\r\n | Sort-Object -Property RoleDefinitionName, DisplayName `\r\n | Select-Object ObjectType, RoleDefinitionName, DisplayName, Scope `\r\n | Format-Table\r\n\r\n# List the members of a group\r\nGet-AzureAdGroup -All $true -SearchString 'Group Name' | Get-AzureADGroupMember<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>You can read registrations in AAD even if you do not have enough permissions to do that from the Azure Portal. 
You can, for example, request the names of the groups you are in, or even the members of a group or an application. First thing you need to do in PowerShell is to &hellip; <a href=\"http:\/\/panahy.nl\/index.php\/2021\/05\/20\/azure-active-directory-commands\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Azure Active Directory Commands&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[9,4],"tags":[],"uagb_featured_image_src":{"full":false,"thumbnail":false,"medium":false,"medium_large":false,"large":false,"1536x1536":false,"2048x2048":false,"post-thumbnail":false},"uagb_author_info":{"display_name":"Pouya Panahy","author_link":"http:\/\/panahy.nl\/index.php\/author\/pouya\/"},"uagb_comment_info":0,"uagb_excerpt":"You can read registrations in AAD even if you do not have enough permissions to do that from the Azure Portal. You can, for example, request the names of the groups you are in, or even the members of a group or an application. 
First thing you need to do in PowerShell is to&hellip;","_links":{"self":[{"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/posts\/11"}],"collection":[{"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/comments?post=11"}],"version-history":[{"count":3,"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/posts\/11\/revisions"}],"predecessor-version":[{"id":187,"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/posts\/11\/revisions\/187"}],"wp:attachment":[{"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/media?parent=11"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/categories?post=11"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/tags?post=11"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}