question

0 Votes
JohnHirst-9757 asked ·

Is there a way to download a list of users assigned to an Enterprise app in Azure?

They were added manually and I want to add them to a group so I can reuse for similar apps.

azure-active-directory

0 Votes
amanpreetsingh-msft answered ·

Hi @JohnHirst-9757

You can use the command below to get the object ID of the service principal:

Get-AzureADServicePrincipal -SearchString display_name_of_the_app

Use the cmdlet below to get the list of all users assigned to the application:

Get-AzureADServiceAppRoleAssignment -ObjectId object_id_from_above_cmdlet


Please do not forget to "Accept the answer" wherever the information provided helps you. This will help others in the community as well.


Worked perfectly. Thanks!

0 Votes 0 ·
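
The two cmdlets from the answer above, combined with the asker's goal of reusing the assigned users as a group. This is an added example, not part of the original thread; it assumes the AzureAD module, an existing `Connect-AzureAD` session, and that `$AppName`, `$GroupId` and `$CsvPath` are values you supply.

```powershell
# Added example (not from the thread). Requires the AzureAD module and an
# existing Connect-AzureAD session. Parameter names here are illustrative.
param(
    [Parameter(Mandatory)] [string] $AppName,   # display name of the Enterprise app
    [Parameter(Mandatory)] [string] $GroupId,   # ObjectId of the target group
    [string] $CsvPath = "app_users.csv"
)

# -SearchString can return more than one app, so insist on one exact match
# before touching any group membership.
$sp = @(Get-AzureADServicePrincipal -SearchString $AppName |
        Where-Object { $_.DisplayName -eq $AppName })
if ($sp.Count -ne 1) {
    throw "Expected exactly one service principal named '$AppName', found $($sp.Count)."
}

# -All $true returns every assignment rather than only the default first page.
$assignments = Get-AzureADServiceAppRoleAssignment -ObjectId $sp[0].ObjectId -All $true

# Assignments can also point at groups or other service principals. Keep only
# direct user assignments, once per user (a user may hold several app roles).
# Users who reach the app through an assigned group are NOT expanded here.
$users = $assignments |
    Where-Object { $_.PrincipalType -eq "User" } |
    Sort-Object PrincipalId -Unique

$users | Select-Object PrincipalDisplayName, PrincipalId |
    Export-Csv $CsvPath -NoTypeInformation

# Skip users who are already members, since adding an existing member fails.
$existing = @(Get-AzureADGroupMember -ObjectId $GroupId -All $true |
              ForEach-Object { $_.ObjectId })
foreach ($u in $users) {
    if ($existing -contains $u.PrincipalId) { continue }
    Add-AzureADGroupMember -ObjectId $GroupId -RefObjectId $u.PrincipalId
    Write-Output "Added $($u.PrincipalDisplayName) to group $GroupId"
}
```

Review the exported CSV before assigning the group to other apps, because everyone in it inherits whatever access the group is later granted.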
1 Vote
LeonLaude answered ·

Hi,

Something here might help:
https://stackoverflow.com/questions/39356317/get-azure-active-directory-application-users-and-roles


 # Get all service principals, and for each one, get all the app role assignments, 
 # resolving the app role ID to its display name. Output everything to a CSV.
 # -All $true is needed on both cmdlets; without it only the first page of
 # results is returned and the export is silently incomplete.
 Get-AzureADServicePrincipal -All $true | % {
    
   # Build a hash table of the service principal's app roles. The 0-Guid is
   # used in an app role assignment to indicate that the principal is assigned
   # to the default app role (or rather, no app role).
   $appRoles = @{ "$([Guid]::Empty.ToString())" = "(default)" }
   $_.AppRoles | % { $appRoles[$_.Id] = $_.DisplayName }
    
   # Get the app role assignments for this app, and add a field for the app role name
   Get-AzureADServiceAppRoleAssignment -ObjectId ($_.ObjectId) -All $true | % {
     $_ | Add-Member "AppRoleDisplayName" $appRoles[$_.Id] -Passthru
   }
 } | Export-Csv "app_role_assignments.csv" -NoTypeInformation

Best regards,
Leon


Can't accept both answers but pulling for all apps is very helpful as well. Thanks!

0 Votes 0 ·