Resolve directory users that Azure ClassicAdministrators

Question

I'm trying to list all the permissions of users in an Azure subscription using Microsoft.Authorization API and I faced an issue with the ClassicAdministrators API.
The API returns the user's email address and PUID and since the email is not reliable and PUID is inaccessible there is no way to identify the directory user.

I tried several ways to get a solution to this issue but without success so far.

Graph-API said that the PUID is obsolete and that the Authorization API should return the User's ObjectId instead.
I need to get the User ObjectId for Classic Administrators in an Azure subscription while authenticated as an application.
Same as I do for getting the Azure Authorization RoleAssignments.

Can someone fix the ClassicAdministrators API or offer a solution for this issue?
Thank you,
Nitzan

Answer

Hello @Anonymous ,

Thanks for reaching out.

The ClassicAdministrators API only returns email address and PUID as of now.

Sample:
{"value":[{"properties":{"emailAddress":"abc@outlook.com","role":"ServiceAdministrator"},"id":"/subscriptions/9xxx7b-f0e7-4xx0-9038-abxxxd95e7c/providers/Microsoft.Authorization/classicAdministrators/00034001AC4EF0DD","type":"Microsoft.Authorization/classicAdministrators","name":"00034001AC4EF0DD"}]}

I would recommend you to please comment and/or up-vote the below user voice items to increase the priority of feature implementation.

https://feedback.azure.com/forums/34192--general-feedback/suggestions/42848946-add-puid-netid-to-user-resource

Resolve directory users that Azure ClassicAdministrators

1 answer