Get the list of the Global Administrator role

[skidrow88]

Problem The az cli role assignment list command do not allow to get Directory Roles affected to AD users such as "Global reader" or "Global Administrator". (see https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles)

The expected solution Get the members of any Directory Roles with azure-cli

The current alternative It seems only PowerShell could do it currently.

[jsntcy]

@jiasli , please help take a look.

[skidrow88]

Any news about this ticket ?

[jiasli]

"Global reader" and "Global Administrator" are AAD permissions. The PowerShell command you mentioned I believe is Get-AzureADDirectoryRoleMember from AzureAD module. az role is for Azure RBAC role assignment instead. Azure CLI doesn't support AD role assignment/member list operation.

Per my rough research, you may use az rest directly on AD Graph Role Assignment REST API or MS Graph List members REST API. I haven't tested the detailed usage of them. You may create an Azure support ticket to AAD team to get more help.

[orangenagy]

This was closed - was there a plan to incorporate this feature into az cli?

[jiasli]

Let me mark this issue as feature request and see how we can deal with it during MS Graph integration (#12946), or maybe using the MS Graph CLI.

[dandunckelman]

Having this incorporated into the Azure CLI would be mighty helpful.