az ad group member list not returning results

Anonymous
2022-09-08T17:27:57.17+00:00

In the version "azure-cli 2.40.0", the command "az ad group member list" returns an empty array even though the group has members. This used to work in the previous versions.

For the same combination of group and member id the command "az ad group member check" works.

Has something changed in the new version?

Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.

8 answers

  1. Olga Os - MSFT 5,836 Reputation points Microsoft Employee
    2022-09-08T18:15:30.577+00:00

    Hello @Anonymous ,

    Welcome to the MS Q&A forum.

    I just ran the test and it worked for me:

    239156-image.png

    Could it be that you don't have all the required permissions to read the data for this group or any group at all?

    Azure AD roles that can manage groups include Groups Administrator, User Administrator, Privileged Role Administrator, or Global Administrator. There you could find the list of the appropriate Azure AD roles for managing groups.

    Hope above answers your question and concern. Let me know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.

    Sincerely,
    Olga


  2. Anonymous
    2022-09-08T18:51:29.867+00:00

    Hello Olga,

    Thanks for getting back to me.

    The permissions are correct; I am executing the command using the credentials of the "Owner" of the group.

    And I can also confirm that the groups do have members (visible in the Azure portal). Additionally, when I use the "az ad group member check" command with the group ID and one of the member IDs, the response is "True" (FYI, I use the same "Owner" credentials for both az ad group member commands).

    Warm Regards,
    Nithya Shetty


  3. Anonymous
    2022-09-08T20:09:06.753+00:00

    Hi Olga,

    I can't test the PowerShell commands from the same VM as it's not a Windows machine.

    I was able to do the following:

    • Execute the PowerShell command Get-AzureADGroupMember from an Azure Cloud Shell session, and as expected it works
    • I executed the command "az ad group member list" with the --debug option; I don't see any errors

    Warm Regards,
    Nithya Shetty


  4. Anonymous
    2022-09-08T21:27:23.36+00:00

    Hello Olga,

    With further testing I notice that the issue with "az ad group member list" occurs when the groups have only service principals as members.

    I added myself to a group with fourteen service principals and then executed the command "az ad group member list", and it now returns one row instead of fifteen.

    Does this help explain what the problem could be and how to resolve it?

    Warm Regards,
    Nithya Shetty


  5. Anonymous
    2022-09-09T07:08:04.203+00:00

    Hello Olga,

    Thanks. FYI, this worked on version 2.36.0 (i.e. I was able to use the command "az ad group member list" to list service principals that are part of the group). Unfortunately, we cannot revert back to this version as we are already using 2.39.0 in other scripts.

    Looking forward to a solution, as the workaround of checking if every SPI is part of every group (using "az ad group member check") is not efficient but is the only solution I have at the moment.

    Warm Regards,
    Nithya Shetty

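The per-principal workaround mentioned in the thread (calling "az ad group member check" once per candidate) can be scripted as below. This is an added example, not code from any poster: the function names and the `AZ` override variable are assumptions, and the caller must supply the candidate object IDs.

```shell
# AZ names the CLI to call; override it with a stub for offline testing (assumption).
AZ="${AZ:-az}"

# is_member GROUP MEMBER_OBJECT_ID
# Prints "true" or "false"; returns 2 if the CLI call itself fails.
is_member() {
    local out
    out="$("$AZ" ad group member check --group "$1" --member-id "$2" \
            --query value --output tsv)" || return 2
    # The thread reports the response as "True"; normalise case so
    # either spelling compares equal below.
    printf '%s\n' "$out" | tr '[:upper:]' '[:lower:]'
}

# list_members_by_check GROUP OBJECT_ID...
# Prints each candidate object ID that the check reports as a member.
# Returns 1 if any check failed, so an access review never treats
# "could not check" as "not a member".
list_members_by_check() {
    local group id result rc
    group="$1"
    rc=0
    shift
    for id in "$@"; do
        if result="$(is_member "$group" "$id")"; then
            [ "$result" = "true" ] && printf '%s\n' "$id"
        else
            printf 'check failed for %s in group %s\n' "$id" "$group" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Usage (placeholders, not real IDs):
#   list_members_by_check "<group-object-id>" "<sp-object-id-1>" "<sp-object-id-2>"
```

This costs one CLI call per candidate per group, which is the inefficiency the poster describes.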