Posted by In this article, we are going to learn how to connect to Azure DevOps CLI and retrieve the User Info in ALL the Security Groups for each project in the Azure DevOps Organization using PowerShell
Introduction
One of the Azure DevOps Administrator’s role is to main the inventory of all the users along with their Roles in each of the Azure DevOps project they are associated with. It looks like there is no simple command to retrieve all the users along with their roles in each of projects they are associated with.
In this article, we are going to develop a simple PowerShell script which run the Azure DevOps CLI commands to retrieve the required information.
Please make sure that you have the below prerequisites installed.
Prerequisites
- Azure CLI: Install the Azure CLI version from here Installing the Azure CLI | Microsoft Learn
- Azure DevOps CLI: Install the Azure DevOps CLI using the below command
az extensions add –upgrade -n azure-devops
- Azure Login: Log into azure from the command prompt using the az login command.
- PowerShell.
Azure DevOps CLI
Let’s explore a few Azure DevOps CLI commands.
Retrieve All the Projects in the Organization
In order to work with any Azure DevOps Organization and Project, you need to setup the default Organization and Project using the below command
az devops project list –org = https://dev.azure.com/<OrgName>
Retrieve the Security Groups in the Project
Azure DevOps allows us to organize the users and their permissions on various components with the help of Security Groups. These Security groups could be treated as Roles. The following command could be used to retrieve all the Security Groups available in the given Project.
az devops security group list –org = https://dev.azure.com/<OrgName> --project=<ProjectName>
Retrieve Users from Azure DevOps Organization
The following commands returns the list of all the users available in a given Security Group. Group Descriptor is the unique identifier of the Security Group.
az devops security group membership list –id <Group Descriptor>
Create custom Security Groups
In your Azure DevOps Organization, create few Security Groups if you haven’t done yet. As shown below I have created three custom Security Groups and assigned on person in each group.
Once all the prerequisites are ready, you can run the below PowerShell script to retrieve all the users along with the respective Security Group.
$OrgUrl = "https://dev.azure.com/OrganizationName/"
$ListProjects = "az devops project list --org " + $OrgUrl
$Projects = Invoke-Expression $ListProjects | ConvertFrom-Json
$strSecurityGroupsCommand = "az devops security group list --org " + $OrgUrl
$strUsersCommand = "az devops security group membership list --id "
foreach ( $Project in $Projects.value)
{
$strSecurityGroupPerProject = $strSecurityGroupsCommand + " --project `"" + $Project.name + "`""
$SecurityGroups = Invoke-Expression $strSecurityGroupPerProject
$SecurityGroupsJson = $SecurityGroups | ConvertFrom-Json
foreach ($SecurityGroup in $SecurityGroupsJson.graphGroups)
{
$strUsersCommandtemp = $strUsersCommand + $SecurityGroup.descriptor
$Users = Invoke-Expression $strUsersCommandtemp
$UsersJson = $Users | ConvertFrom-Json
foreach ($User in $UsersJson.PsObject.Properties.Value)
{
if($User.subjectKind -ne "group")
{
Write-Host $SecurityGroup.displayName "," $User.mailAddress
}
}
}
}
Do you like this article? If you want to get more updates about these kind of articles, you can join my Learning Groups
Praveen Kumar Sreeram's Blog 
GREAT JOB!!! You save my life
LikeLike