Knowing user is part of which groups - Azure DevOps

tarun k 280 Reputation points
2025-06-16T05:40:58.41+00:00

I have a user and I want to know which groups the user is part of. Is there any PowerShell command to check that?


Accepted answer
  1. Durga Reshma Malthi 4,165 Reputation points Microsoft External Staff Moderator
    2025-06-16T06:44:03.39+00:00

    Hi tarun k

    Yes, you can use PowerShell to check which groups a user belongs to in Azure DevOps.

    1. You can use Azure DevOps CLI through PowerShell: Use the following command to list the groups a user belongs to:
         az devops user show --user <user-email> --org <organization-url>
      
      Replace <user-email> with the user's email address and <organization-url> with your Azure DevOps organization URL.
    2. If you want a native PowerShell approach using the REST API:
         # Required inputs
         $organization = "your-org-name"
         $project = "your-project-name"  # optional, may be null for org-level (not used by the calls below)
         $userPrincipalName = "user@example.com"
         $pat = "your-pat-token"  # Make sure this has read permissions for Graph API
         # Create auth header
         $base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$pat"))
         $headers = @{ Authorization = ("Basic {0}" -f $base64AuthInfo) }
         # Step 1: Get user descriptor
         # Note: the users list is paged; only the first page is searched here
         $userUrl = "https://vssps.dev.azure.com/$organization/_apis/graph/users?api-version=7.1-preview.1"
         $response = Invoke-RestMethod -Uri $userUrl -Headers $headers -Method Get
         $user = $response.value | Where-Object { $_.principalName -eq $userPrincipalName }
         if (-not $user) {
             Write-Host "User not found."
             return
         }
         $descriptor = $user.descriptor
         Write-Host "User descriptor: $descriptor"
         # Step 2: Get groups the user is a member of
         # ${descriptor} delimits the variable name; a bare $descriptor?direction would be parsed as one variable name
         $groupsUrl = "https://vssps.dev.azure.com/$organization/_apis/graph/memberships/${descriptor}?direction=up&api-version=7.1-preview.1"
         $groups = Invoke-RestMethod -Uri $groupsUrl -Headers $headers -Method Get
         foreach ($group in $groups.value) {
             $groupDescriptor = $group.containerDescriptor
             # Get group details from the Graph groups endpoint
             $groupDetailsUrl = "https://vssps.dev.azure.com/$organization/_apis/graph/groups/${groupDescriptor}?api-version=7.1-preview.1"
             $groupInfo = Invoke-RestMethod -Uri $groupDetailsUrl -Headers $headers -Method Get
             Write-Output "User is a member of group: $($groupInfo.principalName)"
         }
      
      This will give you a list of group names that the user is a member of. Make sure to replace yourPAT with a valid Personal Access Token and use the correct organization and project details.

    Hope this helps!

    Please let me know if you have any queries.

    If you found the information helpful, please click "Upvote" on the post to let us know and consider accepting the answer as the token of appreciation. Thank You.
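
The memberships call in the accepted answer walks one level up, so it lists only the groups the user is a direct member of. For an access review, membership inherited through nested groups matters just as much. The following is an added example, not part of the original answer, that walks the membership graph upward and reports each group with the path it was reached through. It assumes `$organization`, `$headers` and `$descriptor` are set as in the answer's script; the function names are hypothetical.

```powershell
# Added example, not from the original answer. Function names are hypothetical.
# Assumes $organization, $headers and $descriptor as defined in the answer's script.
function Get-AdoDirectParents {
    param([string]$Organization, [hashtable]$Headers, [string]$Descriptor)
    # ${Descriptor} keeps the following '?' out of the variable name
    $url = "https://vssps.dev.azure.com/$Organization/_apis/graph/memberships/${Descriptor}?direction=up&api-version=7.1-preview.1"
    $resp = Invoke-RestMethod -Uri $url -Headers $Headers -Method Get
    foreach ($m in @($resp.value)) { if ($m) { $m.containerDescriptor } }
}

function Get-AdoEffectiveGroups {
    param([string]$Organization, [hashtable]$Headers, [string]$SubjectDescriptor)
    $seen  = [System.Collections.Generic.HashSet[string]]::new()
    $queue = [System.Collections.Generic.Queue[object]]::new()
    $queue.Enqueue(@{ Descriptor = $SubjectDescriptor; Path = @() })
    # Breadth-first walk: direct groups are visited before inherited ones
    while ($queue.Count -gt 0) {
        $item = $queue.Dequeue()
        $parents = Get-AdoDirectParents -Organization $Organization -Headers $Headers -Descriptor $item.Descriptor
        foreach ($parent in @($parents)) {
            # Skip empty results and groups already visited (guards against cycles)
            if (-not $parent -or -not $seen.Add($parent)) { continue }
            $url = "https://vssps.dev.azure.com/$Organization/_apis/graph/groups/${parent}?api-version=7.1-preview.1"
            $g = Invoke-RestMethod -Uri $url -Headers $Headers -Method Get
            [pscustomobject]@{
                Group  = $g.principalName
                Direct = (@($item.Path).Count -eq 0)      # true when the user is a direct member
                Via    = (@($item.Path) -join ' -> ')     # chain of groups the membership is inherited through
            }
            $queue.Enqueue(@{ Descriptor = $parent; Path = @($item.Path) + $g.principalName })
        }
    }
}

Get-AdoEffectiveGroups -Organization $organization -Headers $headers -SubjectDescriptor $descriptor |
    Sort-Object Direct -Descending | Format-Table -AutoSize
```

Rows with `Direct = False` are memberships the user holds only because one group is nested inside another.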

