Trying to export all Azure AD IDP Enterprise applications with their associated Users and Groups and Owners. I'm able to grab the Users and Groups but not the owners with this:
foreach($servicePrincipal in $ServicePrincipalList){
Get-AzureADServiceAppRoleAssignment -ObjectId $ServicePrincipal.objectId | Select-Object ResourceDisplayName, ResourceId, PrincipalDisplayName, PrincipalType | Export-Csv -Path "C:\\PSReports\\AzureAD_IDP_Apps - $date.csv" -NoTypeInformation -Append
}
which produces this: AzureAD_IDP_Apps Export Screenshot (https://i.sstatic.net/U002O.png)
Even if the application does not have any owners assigned, I'd like the report to show it.
Tried finding the PrincipalType for the "Owners" value but was unable to find it
This fixed it. When adding -join if there are multiple owners and it adds it as a single string separated by a semi-colon:
Connect-AzureAD
$date = Get-Date -Format “yyyyMMddHHmmss”
$ServicePrincipalList = Get-AzureADServicePrincipal -All $true
*foreach($servicePrincipal in $ServicePrincipalList){ *
$owners = Get-AzureADServicePrincipalOwner -ObjectId $servicePrincipal.ObjectId | Select-Object DisplayName, UserPrincipalName*
$appRoles = Get-AzureADServiceAppRoleAssignment -ObjectId
$servicePrincipal.ObjectId | Select-Object ResourceDisplayName, ResourceId, PrincipalDisplayName, PrincipalType*
$report = $appRoles | Select-Object ResourceDisplayName, ResourceId, PrincipalDisplayName, PrincipalType*
$report | Add-Member -MemberType NoteProperty -Name “OwnerDisplayName” -Value ($owners.DisplayName -join ‘;’)*
$report | Add-Member -MemberType NoteProperty -Name “OwnerUserPrincipalName” -Value ($owners.UserPrincipalName -join ‘;’)*
$report | Export-Csv -Path “C:\PSReports\AzureAD_IDP_Apps-$date.csv” -NoTypeInformation -Append -Force*
}