How to: List all users and group permissions on Azure DevOps using Azure DevOps CLI

Vinicius Moura
Oct 20, 2020

--

This script list all users on Azure DevOps organization and which groups they belong to

An original script is available on my GitHub repository. See bellow this script:

Let’s go understand each used command.

  1. PowerShell script will receive the following parameters:
  • $PAT = Personal Access token to connect on Azure DevOps;
  • $Organization = Organization URL to list all users and permissions.

2. az devops user list = use this command to list all users on Azure DevOps organization.

az devops user list 
[--detect {false, true}]
[--org]
[--skip]
[--top]
$allUsers = az devops user list --org $Organization | ConvertFrom-Jsonforeach($au in $allUsers.members)
{
Write-Host $au.user.principalName
}

3. az devops security group membership list = use this command to list all groups that based user is contained in.

az devops security group membership list --id
[--detect {false, true}]
[--org]
[--relationship {memberof, members}]
$activeUserGroups = az devops security group membership list --id $au.user.principalName --org $Organization --relationship memberof | ConvertFrom-Json

4. After executing the script on PowerShell, will be generated a JSON file that lists all users and your respective groups.

5. After creating JSON, I connected it on Power BI, as shown bellow:

  • Groups Filter (1): filter a respective group to list users;
  • User Name (2): list a specific user;
  • Group Name (3): list group names;
  • Principal Name (4): list respective users.

--

--

Vinicius Moura
Vinicius Moura

Written by Vinicius Moura

Tech Solution Architect Manager na Accenture

Responses (2)