Azure DevOps – Tips and Tricks 21 – Retrieve all users from All Security Groups in ALL Azure DevOps Projects using Azure DevOps CLI

In this article, we are going to learn how to connect to Azure DevOps CLI and retrieve the User Info in ALL the Security Groups for each project in the Azure DevOps Organization using PowerShell

Advertisements

Introduction

One of the Azure DevOps Administrator’s role is to main the inventory of all the users along with their Roles in each of the Azure DevOps project they are associated with. It looks like there is no simple command to retrieve all the users along with their roles in each of projects they are associated with.

In this article, we are going to develop a simple PowerShell script which run the Azure DevOps CLI commands to retrieve the required information.

Please make sure that you have the below prerequisites installed.

Advertisements

Prerequisites

  1. Azure CLI: Install the Azure CLI version from here Installing the Azure CLI | Microsoft Learn
  2. Azure DevOps CLI: Install the Azure DevOps CLI using the below command

az extensions add –upgrade -n azure-devops

1.Azure DevOps – Tips and Tricks – Getting Started with Azure DevOps CLI – az extensions azure-devops
  • Azure Login: Log into azure from the command prompt using the az login command.
  • PowerShell.
Advertisements

Azure DevOps CLI

Let’s explore a few Azure DevOps CLI commands.

Retrieve All the Projects in the Organization

In order to work with any Azure DevOps Organization and Project, you need to setup the default Organization and Project using the below command

az devops project list –org = https://dev.azure.com/<OrgName> 

Retrieve the Security Groups in the Project

Azure DevOps allows us to organize the users and their permissions on various components with the help of Security Groups. These Security groups could be treated as Roles. The following command could be used to retrieve all the Security Groups available in the given Project.

az devops security group list –org = https://dev.azure.com/<OrgName> --project=<ProjectName>
Advertisements

Retrieve Users from Azure DevOps Organization

The following commands returns the list of all the users available in a given Security Group. Group Descriptor is the unique identifier of the Security Group.

az devops security group membership list –id <Group Descriptor>
Advertisements

Create custom Security Groups

In your Azure DevOps Organization, create few Security Groups if you haven’t done yet. As shown below I have created three custom Security Groups and assigned on person in each group.

2.Azure DevOps – Tips and Tricks – Getting Started with Azure DevOps CLI – Security Groups

Once all the prerequisites are ready, you can run the below PowerShell script to retrieve all the users along with the respective Security Group.

Advertisements
$OrgUrl = "https://dev.azure.com/OrganizationName/"
$ListProjects = "az devops project list --org " + $OrgUrl

$Projects = Invoke-Expression $ListProjects | ConvertFrom-Json

$strSecurityGroupsCommand = "az devops security group list --org " + $OrgUrl
$strUsersCommand = "az devops security group membership list --id "

foreach ( $Project in $Projects.value)
{
    
        $strSecurityGroupPerProject = $strSecurityGroupsCommand + " --project `"" + $Project.name + "`""
       
        $SecurityGroups = Invoke-Expression $strSecurityGroupPerProject
   
        $SecurityGroupsJson = $SecurityGroups | ConvertFrom-Json
        foreach ($SecurityGroup in $SecurityGroupsJson.graphGroups)
        {
                $strUsersCommandtemp = $strUsersCommand + $SecurityGroup.descriptor
               
                $Users = Invoke-Expression $strUsersCommandtemp
                $UsersJson = $Users | ConvertFrom-Json
               
                foreach ($User in $UsersJson.PsObject.Properties.Value)
                {
                  if($User.subjectKind -ne "group")
                  {
                     Write-Host  $SecurityGroup.displayName "," $User.mailAddress
                  }
                }
        }
    
}

Do you like this article? If you want to get more updates about these kind of articles, you can join my Learning Groups

WhatsApp

Telegram

Advertisements
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s