Get Azure AD Administrator Programmatically

Time:11-23

I am trying to find a way to check the AD roles attached to a user. After a lot of reading, it seems like there is no CLI call that can provide this information. The workaround I am thinking of is to list out all the users who have "Global Administrator" permission in the AD role. Is there an Azure CLI call that can help with getting this information? I tried the calls in az ad user but none of them have the information I am looking for.

CodePudding user response:

Here is a PowerShell and Graph API example of how you can do that.

CodePudding user response:

I agree with @Panagiotis Kanavos, you can make use of HTTP requests by calling them from Azure CLI.

You can use the below MS Graph query to get the list of users with the Global Administrator role:

GET https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments?$filter=roleDefinitionId eq '62e90394-69f5-4237-9190-012177145e10'

To call the above query from Azure CLI, you can use the az rest command like below:

az rest --method get --url "https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments?$filter=roleDefinitionId eq '62e90394-69f5-4237-9190-012177145e10'"

I tried to reproduce the same in my environment and got the below results:

I have the below users in my tenant, assigned the Global Administrator role:

enter image description here

To get these results from Azure CLI, I ran the below command:

az rest --method get --url "https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments?$filter=roleDefinitionId eq '62e90394-69f5-4237-9190-012177145e10'"

Response:

enter image description here
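The query from the answer above, as an added example that is not part of the original answers: a Python wrapper around az rest that passes the URL as an argument list (so no shell expands `$filter` inside double quotes), follows `@odata.nextLink` paging, and resolves each `principalId` through `/directoryObjects/{id}`, because a role assignment can belong to a group or service principal as well as a user. The function names and the injectable `fetch` parameter are assumptions made for this example.

```python
import json
import subprocess
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"
# Global Administrator role ID as given in the answer above.
GLOBAL_ADMIN_ROLE_ID = "62e90394-69f5-4237-9190-012177145e10"


def az_rest_get(url):
    """Run `az rest` without a shell, so `$filter` reaches Graph unmodified."""
    out = subprocess.run(
        ["az", "rest", "--method", "get", "--url", url],
        check=True, capture_output=True, text=True,
    ).stdout
    return json.loads(out)


def role_assignments_url(role_definition_id):
    """Build the roleAssignments query with the filter value percent-encoded."""
    flt = quote(f"roleDefinitionId eq '{role_definition_id}'")
    return f"{GRAPH}/roleManagement/directory/roleAssignments?$filter={flt}"


def list_role_holders(role_definition_id=GLOBAL_ADMIN_ROLE_ID, fetch=az_rest_get):
    """Return [(principalId, object type, displayName)] for every role holder."""
    holders, url = [], role_assignments_url(role_definition_id)
    while url:  # keep going until Graph stops returning @odata.nextLink
        page = fetch(url)
        for assignment in page.get("value", []):
            pid = assignment["principalId"]
            obj = fetch(f"{GRAPH}/directoryObjects/{pid}")
            # "#microsoft.graph.user" -> "user" (or group / servicePrincipal)
            kind = obj.get("@odata.type", "").rsplit(".", 1)[-1]
            holders.append((pid, kind, obj.get("displayName")))
        url = page.get("@odata.nextLink")
    return holders


if __name__ == "__main__":
    # Requires a signed-in Azure CLI session with permission to read role assignments.
    for pid, kind, name in list_role_holders():
        print(f"{kind:18} {name}  ({pid})")
```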
