How to: Include new users based on active user permissions on Azure DevOps using Azure DevOps CLI

Vinicius Moura
2 min read · May 31, 2020

This script adds a new user to Azure DevOps based on the current permissions of an active user.

Every time we hire new IT people for the team and need to add them to Azure DevOps, we usually rely on the profile of an existing user. If you don’t use AAD to associate these permissions, the script below is very useful to you:

The original script is available on my GitHub repository. Let’s walk through each command it uses.

1. The PowerShell script receives the following parameters:
  • $PAT = Personal Access Token used to connect to Azure DevOps;
  • $Organization = URL of the organization the user will be added to;
  • $newUser = valid e-mail address of the new user;
  • $newUserLicenseType = license type for the user. Allowed values: {advanced, earlyAdopter, express, professional, stakeholder};
  • $activeUser = e-mail address of the active user.

2. az devops user add = use this command to add users to Azure DevOps.

az devops user add --email-id
--license-type {advanced, earlyAdopter, express, professional, stakeholder}
[--detect {false, true}]
[--org]
[--send-email-invite {false, true}]

3. az devops security group membership list = use this command to list all groups that the active (reference) user is a member of.

az devops security group membership list --id
[--detect {false, true}]
[--org]
[--relationship {memberof, members}]

4. az devops security group membership add = use this command to add the new user to each of those groups.

az devops security group membership add --group-id
--member-id
[--detect {false, true}]
[--org]

After executing the script, the new user will have the same permissions as the user used as an example.
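Steps 1 to 4 combined into one script, as an added example that is not the original script from the author's repository. It assumes the PAT is supplied through the `AZURE_DEVOPS_EXT_PAT` environment variable instead of a `$PAT` parameter, that `membership list` returns JSON keyed by group descriptor with a `principalName` field, and it adds a hypothetical `$SkipGroupPattern` parameter so privileged groups are not cloned without review.

```powershell
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)][string]$Organization,
    [Parameter(Mandatory)][string]$NewUser,
    [Parameter(Mandatory)]
    [ValidateSet('advanced', 'earlyAdopter', 'express', 'professional', 'stakeholder')]
    [string]$NewUserLicenseType,
    [Parameter(Mandatory)][string]$ActiveUser,
    # Hypothetical safeguard (not in the original script): groups whose name
    # matches this regex are reported but never copied automatically.
    [string]$SkipGroupPattern = 'Administrators'
)

# The azure-devops CLI extension reads the PAT from this variable, which keeps
# the token out of the command line and the shell history.
if (-not $env:AZURE_DEVOPS_EXT_PAT) { throw 'Set AZURE_DEVOPS_EXT_PAT before running.' }

# Step 2: create the user with the requested license.
if ($PSCmdlet.ShouldProcess($NewUser, "Add user with license '$NewUserLicenseType'")) {
    az devops user add --email-id $NewUser --license-type $NewUserLicenseType `
        --send-email-invite false --org $Organization | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "az devops user add failed for $NewUser" }
}

# Step 3: list the groups the reference user is a member of (read-only call).
$raw = az devops security group membership list --id $ActiveUser `
    --relationship memberof --org $Organization --output json
if ($LASTEXITCODE -ne 0) { throw "Could not list groups for $ActiveUser" }
$memberships = ($raw | Out-String) | ConvertFrom-Json

# Step 4: copy each membership; property names are assumed to be group descriptors.
foreach ($entry in $memberships.PSObject.Properties) {
    $descriptor = $entry.Name
    $groupName  = $entry.Value.principalName
    if ($groupName -match $SkipGroupPattern) {
        Write-Warning "Skipped privileged group, grant manually if required: $groupName"
        continue
    }
    if ($PSCmdlet.ShouldProcess($groupName, "Add $NewUser to group")) {
        az devops security group membership add --group-id $descriptor `
            --member-id $NewUser --org $Organization | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "Failed to add $NewUser to $groupName" }
    }
}
```

Running it with `-WhatIf` prints the groups that would be granted without changing anything, which gives a reviewable list before the reference user's access is copied.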
