Azure Active Directory Commands

You can query registrations in Azure Active Directory (AAD) from PowerShell even if you do not have enough permissions to view them in the Azure Portal. You can, for example, request the names of the groups you are in, or the members of a group or an application.

The first thing to do in PowerShell is to make sure the Azure AD module is installed. Then log in to your Azure AD:

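# Connect to Azure AD
Connect-AzureAD
# In case Connect-AzureAD is not recognized as a cmdlet, install the module:
# Install-Module AzureAD -Force
# The Get-AzRoleAssignment samples below use the Az module, which has its own login
Connect-AzAccount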

Now you can query the AAD. The following are some samples:

# Which applications have I been assigned to?
Get-AzureADUser -SearchString "Pouya Panahy" | Get-AzureADUserAppRoleAssignment -All $true

# Get the list of groups that I am part of
Get-AzureADUser -SearchString "Pouya Panahy" `
  | Get-AzureADUserMembership -All $true `
  | Sort-Object -Property DisplayName 

# Which role assignments are assigned directly to me?
Get-AzRoleAssignment -SignInName 'p.panahy@company.nl'

# Show all rights I've got, including those granted through group membership
Get-AzRoleAssignment -SignInName 'p.panahy@company.nl' -ExpandPrincipalGroups  `
 | Sort-Object -Property DisplayName `
 | Select-Object ObjectType, RoleDefinitionName, DisplayName, Scope `
 | Format-Table

# Is my application registered?
Get-AzureADUser -SearchString "Pouya Panahy" `
 | Get-AzureADUserCreatedObject -All $true `
 | Sort-Object -Property ObjectType `
 | Select-Object ObjectType, AppId, DisplayName, HomePage, IdentifierUris `
 | Format-Table

# Look for an application that someone else has registered
Get-AzureADServicePrincipal -All $true -Filter "startswith(DisplayName, 'AppName')"

# Who has access to my resources in a given resource group?
Get-AzRoleAssignment -Scope "/subscriptions/xxxxxxxx-xxxx-xxxx-dxxx-xxxxxxxxxxxx/resourceGroups/res-grp-name"  `
 | Sort-Object -Property RoleDefinitionName, DisplayName `
 | Select-Object ObjectType, RoleDefinitionName, DisplayName, Scope `
 | Format-Table

# List the members of a group (-All $true returns every member, not just the first page)
Get-AzureADGroup -All $true -SearchString 'Group Name' | Get-AzureADGroupMember -All $true
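
The last two samples can be combined into an access review for one resource group, where every group assignment is expanded to its direct members. This is an added example, not part of the original post; the scope value is a placeholder, Expand-RoleAssignment is a hypothetical helper name, and it assumes both Connect-AzureAD and Connect-AzAccount have been run.

```powershell
# Added example: who has access to a resource group, with groups expanded.
# Placeholder scope: fill in your own subscription id and resource group name.
$scope = '/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>'

# Hypothetical helper: turns one role assignment into one or more report rows.
function Expand-RoleAssignment {
    param([Parameter(Mandatory)] $Assignment)

    if ($Assignment.ObjectType -ne 'Group') {
        # Users and service principals are reported as they are.
        return [pscustomobject]@{
            Role      = $Assignment.RoleDefinitionName
            Principal = $Assignment.DisplayName
            Type      = $Assignment.ObjectType
            Via       = 'direct'
            Scope     = $Assignment.Scope
        }
    }

    # Group assignment: report each direct member of the group.
    # A member can itself be a group (Type = Group); nested groups are not expanded here.
    Get-AzureADGroupMember -ObjectId $Assignment.ObjectId -All $true | ForEach-Object {
        [pscustomobject]@{
            Role      = $Assignment.RoleDefinitionName
            Principal = $_.DisplayName
            Type      = $_.ObjectType
            Via       = "group: $($Assignment.DisplayName)"
            Scope     = $Assignment.Scope
        }
    }
}

$report = Get-AzRoleAssignment -Scope $scope |
    ForEach-Object { Expand-RoleAssignment -Assignment $_ }

# Full report. The Scope column shows where each assignment was actually made.
$report | Sort-Object Role, Principal |
    Format-Table Role, Principal, Type, Via, Scope -AutoSize

# The roles that can change resources or grant access deserve the first look.
$report | Where-Object { $_.Role -in 'Owner', 'Contributor', 'User Access Administrator' } |
    Sort-Object Role, Principal |
    Format-Table Role, Principal, Type, Via -AutoSize
```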