Using PowerShell Microsoft Graph, how can I get/retrieve the list of Owners and the 'Users and Group' assigned to the Enterprise Application or Service principal? When I tried using the below cmdlet, it threw an error about the object cannot be found. $AppDisplayName = 'WunderList' $ApplicationID = 'GUID'$ObjectID = 'GUID' Get-MgApplicationOwner -ApplicationId $ApplicationID Get-MgApplicationOwnerByRef -ApplicationId $ApplicationID Get-MgApplicationOwnerAsUser -ApplicationId $ApplicationID Get-MgApplicationOwnerAsUser -ApplicationId $ApplicationID -DirectoryObjectId $ObjectID -Property * Get-MgApplicationOwnerAsAppRoleAssignment -ApplicationId $ApplicationID Get-MgApplicationOwnerAsAppRoleAssignment -ApplicationId $ApplicationID -DirectoryObjectId $ObjectID I really appreciate any help you can provide.

Hello @EnterpriseArchitect Thank you for contacting Microsoft Azure QnA platform. I would like to share following commands which can be helpful to get the details you are looking for: { $applicationId = App-Registration-ObjectID; $servicePrincipalId = Service-Principal-ObjectID} Microsoft Graph PowerShell Commands : Get-MgBetaApplicationOwner -ApplicationId $applicationId Get-MgBetaServicePrincipalAppRoleAssignedTo -ServicePrincipalId $servicePrincipalId Get-MgBetaServicePrincipalOwner -ServicePrincipalId $servicePrincipalId Microsoft Graph API Query: https://graph.microsoft.com/beta/applications/{App-Registration-ObjectID}/owners https://graph.microsoft.com/beta/ServicePrincipals/{Service-Principal-ObjectID}/appRoleAssignedTo https://graph.microsoft.com/beta/ServicePrincipals/{Service-Principal-ObjectID}/Owners Please " Accept the answer " if the information helped you. This will help us and others in the community as well.

How can I get the Owner and the 'Users and Group' assigned to the Enterprise Application or Service principal

Accepted answer

Harpreet Singh Matharoo 7,586 Reputation points Microsoft Employee

2024-01-30T10:27:45.6066667+00:00
Hello @EnterpriseArchitect

Thank you for contacting Microsoft Azure QnA platform. I would like to share following commands which can be helpful to get the details you are looking for:

{$applicationId = App-Registration-ObjectID; $servicePrincipalId = Service-Principal-ObjectID}

Microsoft Graph PowerShell Commands:

Get-MgBetaApplicationOwner -ApplicationId $applicationId

Get-MgBetaServicePrincipalAppRoleAssignedTo -ServicePrincipalId $servicePrincipalId

Get-MgBetaServicePrincipalOwner -ServicePrincipalId $servicePrincipalId

Microsoft Graph API Query:

https://graph.microsoft.com/beta/applications/{App-Registration-ObjectID}/owners

https://graph.microsoft.com/beta/ServicePrincipals/{Service-Principal-ObjectID}/appRoleAssignedTo

https://graph.microsoft.com/beta/ServicePrincipals/{Service-Principal-ObjectID}/Owners

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Please sign in to rate this answer.

1 person found this answer helpful.
EnterpriseArchitect 4,916 Reputation points

2024-01-31T00:56:25.3733333+00:00

Hi @Harpreet Singh Matharoo , Using both the Application and Object ID like below, the command is not working?

$ApplicationID = '9e5f94bc-e8a4-4e73-b8be-9e5f94bc' $ObjectID = '0698e93c-7414-4303-a9f5-0698e93c' Get-MgBetaApplicationOwner -ApplicationId $ApplicationID Get-MgBetaApplicationOwner -ApplicationId $ObjectID

Error:

Get-MgBetaApplicationOwner : Resource '9e5f94bc-e8a4-4e73-b8be-9e5f94bc' does not exist or one of its queried reference-property objects are not present. Status: 404 (NotFound) ErrorCode: Request_ResourceNotFound Date: 2024-01-31T00:52:33 Date : Wed, 31 Jan 2024 00:52:33 GMT At line:4 char:1 + Get-MgBetaApplicationOwner -ApplicationId $ApplicationID + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: ({ ApplicationId...ndProperty = }:<>f__AnonymousType23`10) [Get-MgBetaApplicationOwner_List], Exception + FullyQualifiedErrorId : Request_ResourceNotFound,Microsoft.Graph.Beta.PowerShell.Cmdlets.GetMgBetaApplicationOwner_List Get-MgBetaApplicationOwner : Resource '0698e93c-7414-4303-a9f5-0698e93c' does not exist or one of its queried reference-property objects are not present. Status: 404 (NotFound) ErrorCode: Request_ResourceNotFound Date: 2024-01-31T00:52:33 Date : Wed, 31 Jan 2024 00:52:33 GMT At line:5 char:1 + Get-MgBetaApplicationOwner -ApplicationId $ObjectID + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: ({ ApplicationId...ndProperty = }:<>f__AnonymousType23`10) [Get-MgBetaApplicationOwner_List], Exception + FullyQualifiedErrorId : Request_ResourceNotFound,Microsoft.Graph.Beta.PowerShell.Cmdlets.GetMgBetaApplicationOwner_List

Harpreet Singh Matharoo 7,586 Reputation points Microsoft Employee

2024-01-31T05:17:33.96+00:00

I tried the command using Application Registration Object ID as well as Service Principal Object ID and was able to get required output:

EnterpriseArchitect 4,916 Reputation points

2024-01-31T06:04:22.2+00:00

very strange.. @Harpreet Singh Matharoo , Thank you for the update.
Sign in to comment