Get Azure Active Directory export from GitHub Action

Hagen Fritz 26 Reputation points
2022-10-05T15:10:00.06+00:00

Background

I previously created a PowerShell script that accessed my company's Active Directory and exported the file as a csv:

   get-aduser -filter * -properties "whenCreated","DisplayName","Department","Enabled","mobile","MobilePhone","Name","Office","Title" | export-csv -path adexport.csv  

To use this command, I had to install some cmdlets with:

   Get-WindowsCapability -Name RSAT.ActiveDirectory* -Online | Add-WindowsCapability -Online  

Use GitHub Action

I want to automate this script with a GitHub Action. I set up the connection between GitHub and Azure following this documentation. I created the following, simplified workflow:

   name: AzureLoginSample  
     
   on: push  
     
   jobs:  
     build-and-deploy:  
       runs-on: ubuntu-latest  
       steps:  
     
         - name: Log in with Azure  
           uses: azure/login@v1  
           with:  
             creds: '${{ secrets.AZURE_CREDENTIALS }}'  
             enable-AzPSSession: true  
     
         - name: Azure PowerShell Action  
           uses: Azure/powershell@v1  
           with:  
             inlineScript: |  
               Get-AzADUser | export-csv -path adexport.csv  
             azPSVersion: 3.1.0  

When the workflow runs, the first step (log in) works just fine, but the second step fails because:

   Get-AzADUser: /home/runner/work/_temp/415ec269-1cff-4c50-8035-c1e5181e0412.ps1:2  
   Line |  
      2 |  Get-AzADUser | export-csv -path adexport.csv  
        |  ~~~~~~~~~~~~  
        | Insufficient privileges to complete the operation.  

I feel like I have the necessary permissions on the Azure side of things; the Azure application has reader and contributor permissions. I know with my original PowerShell script, I had to run as an admin - is there a way to do this with my Azure PowerShell script?

Previous Attempt

I tried to copy and paste the original PowerShell command, but the cmdlet get-aduser could not be found. When I tried to create a separate step and install the cmdlets, I was given another "cmdlet could not be found" error.

Thank you in advance and let me know if you need any clarifications.


Accepted answer
  1. Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator
    2022-10-05T23:12:55.497+00:00

    Hi @Hagen Fritz ,

    Please ensure that the application has permissions to read and write directory data and Directory.Read.All permissions. I believe that should resolve the error, if it does not already have those permissions.

    Also, if you haven't already, you may want to try re-installing the Azure AD Module with the command Install-Module -name AzureAD. Then run Connect-AzureAD.

    Sometimes the permissions take a few seconds to propagate.

    Additional reading:

    Insufficient privileges error using GetAzAdUser
    Unable to execute Get-AzADUser

    Let me know if this helps. If you still face this issue I'm happy to troubleshoot over email or open a support case to get this looked into.

    If the information helped you, please Accept the answer. This will help us and other community members as well.

    1 person found this answer helpful.
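
An added example, not part of the question or the accepted answer: a PowerShell diagnostic that decodes an access token issued to the workflow's service principal and reports whether the Directory.Read.All application permission named in the answer appears in its `roles` claim. Azure RBAC roles such as Reader and Contributor are evaluated on Azure resources and never appear in that claim. The function names and both sample tokens are constructed for illustration; obtaining a real token is outside the example.

```powershell
# Added example. Diagnostic only: the token signature is NOT verified,
# so never use this output as an authorization decision.

# Decode the payload segment of a JWT (base64url without padding) into an object.
function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a JWT: expected three dot-separated segments.' }
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        2 { $b64 += '==' }
        3 { $b64 += '=' }
        1 { throw 'Invalid base64url length in JWT payload.' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

# Return the required application permissions that are absent from the 'roles' claim.
function Get-MissingAppPermission {
    param(
        [Parameter(Mandatory)][string]$Token,
        [string[]]$Required = @('Directory.Read.All')
    )
    $claims  = ConvertFrom-JwtPayload -Token $Token
    $granted = @($claims.roles)   # app-only tokens list consented application permissions here
    $Required | Where-Object { $_ -notin $granted }
}

# Build an unsigned sample token from a claims hashtable (constructed test data).
function New-SampleToken([hashtable]$Claims) {
    $enc = {
        param($s)
        [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($s)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
    }
    '{0}.{1}.{2}' -f (& $enc '{"alg":"none"}'), (& $enc ($Claims | ConvertTo-Json -Compress)), 'sig'
}

$appId   = '00000000-0000-0000-0000-000000000000'   # placeholder application id
$samples = [ordered]@{
    'RBAC roles only (Reader, Contributor)' = New-SampleToken @{ appid = $appId }
    'Directory.Read.All consented'          = New-SampleToken @{ appid = $appId; roles = @('Directory.Read.All') }
}

foreach ($s in $samples.GetEnumerator()) {
    $missing = Get-MissingAppPermission -Token $s.Value
    if ($missing) { '{0}: missing {1}' -f $s.Key, ($missing -join ', ') }
    else          { '{0}: required permissions present' -f $s.Key }
}
```

The first sample reports Directory.Read.All as missing, which is the state that produces "Insufficient privileges to complete the operation" even though the login step succeeds.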
