I have an Azure AD group containing a User, a Group and a service principal. I want to retrieve them with the Azure CLI.
When trying this:
az ad group member list --group <my_group_id>
Only the User and Group details are being retrieved. I double-checked that the service principal is there with:
az ad group member check --group <my_group_id> --member-id <service_principal_id>
and it returns true.
How can I retrieve the service principal that is part of the group as well?
I tried to reproduce the same in my environment and got the results below.
I created one Azure AD group and added one user, group and service principal as members like below:
I executed the same query in the CLI and got a response including the service principal too, like below:
az ad group member list --group <my_group_id>
Response:
Alternatively, you can run a query like below and retrieve members with their displayName and objectType by selecting specific properties:
az ad group member list --group <my_group_id> --only-show-errors --query "[].{displayName:displayName,ObjectType:objectType}" -o table
Response:
UPDATE:
Please note that the response varies based on the version of the CLI we are using.
My CLI version is as below: az version
If you are using an upgraded/different version, you won't get service principals in the response, as mentioned in this MS Doc:
Currently service principals are not listed as group members due to staged roll-out of service principals on Graph V1.0 endpoint.
I tried to list the group members of the same group using MS Graph Explorer by running a query like below:
GET https://graph.microsoft.com/v1.0/groups/<my_group_id>/members
Response:
I got only user and group in the response without service principal.
You can check the GitHub issue below to know more in detail:
az ad group member list does not list service principals. Issue #22664 - GitHub by Kevin Haring
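
When auditing who holds a group's permissions, the gap described above can be closed by cross-checking with `az ad group member check`, which the question shows returning true for the service principal. The script below is an added example, not part of the original question or answer. It assumes `az ad sp list --all` is available and that object ids are exposed as `id`, as in Microsoft Graph based CLI versions. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: report service principals that are members of a group but
# are missing from `az ad group member list` output.
# Assumption: object ids are returned in the `id` property (Microsoft Graph
# based CLI versions); older CLI versions may name this property differently.

# Print the object ids that the member listing returns for group $1.
listed_member_ids() {
    az ad group member list --group "$1" --only-show-errors \
        --query "[].id" -o tsv
}

# Print ids of service principals that `member check` confirms as members
# of group $1 but that the member listing does not contain.
unlisted_sp_members() {
    group_id="$1"
    listed="$(listed_member_ids "$group_id")"
    az ad sp list --all --only-show-errors --query "[].id" -o tsv |
    while IFS= read -r sp_id; do
        [ -n "$sp_id" ] || continue
        # Skip principals the listing already reports.
        if printf '%s\n' "$listed" | grep -qxF -- "$sp_id"; then
            continue
        fi
        # JSON output is requested explicitly so the boolean prints as `true`.
        is_member="$(az ad group member check --group "$group_id" \
            --member-id "$sp_id" --only-show-errors --query value -o json)"
        if [ "$is_member" = "true" ]; then
            printf '%s\n' "$sp_id"
        fi
    done
    return 0
}

# Usage: unlisted_sp_members <my_group_id>
```

The check runs once per service principal in the tenant, so expect it to be slow on large tenants.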