I am creating script that will create new projects in Azure devops, a part of this script is to add AAD groups to Azure Devops Groups, for permission purposes.
Problem is i am experiencing, i am unable to search as a guest global admin for the group email address, the only way is to add it via the group descriptor aadgp.blablabla (Due to security requirements, we can not make the user account that will generate these new projects as local aad accounts (opposed to inviting them as guests). )
So my only avenue to completing this script is to add the groups via the descriptor instead!
Firstly i have already tested this, by manually adding from another acccount (directly connected to the directory) the group i wanted to test with, then looked up its descriptor (aadgp.....), then removed it and re added it via Azure devops cli!
I have two questsions,
1 - does the descriptor exist before you add the group to devops, or is this generated after it is added?
2 - And if the above is its available before adding, is there any way i can find that group descriptor using a guest account (aka an account not directly connected to the directory, and invited as a guest and not as "New User"
Obivously if the first questions answer is no its not generated untill the AAD group is added into azure devops, then i will have to go back to the drawing board!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 41%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA9%3C/text%3E%3C/svg%3E)
