A little help please with Get-AzADObject

Hi ktc2,

The Microsoft AzureAD module has been deprecated for quite some time now meaning it's discouraged from being used. That said, you don't need it or its replacement (the Microsoft.Graph suite of modules) for the task you're performing.

Your call to Get-AzRoleAssignment (which uses the Microsoft Az modules) produces all the resultant attributes contained in your PSCustomObject, meaning you don't have to make additional calls using any other modules.

Technically, what the data you're pulling is achievable with a single line (first example), which I'll also include in a more readable form (second example). If you decide you want more data relating to the user then that's the point at which you'd break out into leveraging the Microsoft.Graph suite of modules (specifically, the Get-MgUser or Get-MgBetaUser commandlets).

It's worth noting that if your organisation has more than one subscription, you'd need to iterate through each subscription, running this command for each.

Example command

# As a single line.
@("Owner", "Contributor", "Storage Blob Data Contributor") | ForEach-Object { Get-AzRoleAssignment -RoleDefinitionName $_ | ForEach-Object { [PSCustomObject] @{ Role = $_.RoleDefinitionName; DisplayName = $_.DisplayName; UserPrincipalName = $_.SignInName; ObjectType = $_.ObjectType; }; } } | Export-Csv -NoTypeInformation -Path "D:\Data\Temp\Forum\forum.csv";

# Again, just a little more readable.
@("Owner", "Contributor", "Storage Blob Data Contributor") | ForEach-Object {
    Get-AzRoleAssignment -RoleDefinitionName $_ | ForEach-Object {
        [PSCustomObject] @{
            Role = $_.RoleDefinitionName;
            DisplayName = $_.DisplayName;
            UserPrincipalName = $_.SignInName;
            ObjectType = $_.ObjectType;
        };
    }
} | Export-Csv -NoTypeInformation -Path "D:\Data\Temp\Forum\forum.csv";

Cheers,

Lain