Reputation: 477
How to get the Azure AD objectid of the signed in user?
I'm trying to invoke an ARM template that requires a PrincipalId of the currently signed in user.
https://learn.microsoft.com/en-us/azure/templates/microsoft.keyvault/vaults
I've signed in using powershell, as a guest account in the organisation's AAD. When I check the resulting context, I get:
Name : [[email protected], 5f813400-5b93-43b0-af8f-5fd04714f1ef]
Account : [email protected]
SubscriptionName : SomeSubscriptionName
TenantId : e6d2d4cc-b762-486e-8894-4f5f540d5f31
Environment : AzureCloud
I'm wondering how to get the AAD ObjectId from the above, without string parsing "Name"?
Note that the documentation for the ARM Template is not very clear so not sure if [email protected] would work just as well (am assuming it's talking about a Guid).
Thank you.
Upvotes: 24
Views: 35362
Answers (6)
Reputation: 633
You can also get it using the azure cli
per @magnusnn as of version 2.37.0 you need to use
az ad signed-in-user show --query id -o tsv
az ad signed-in-user show --query objectId -o tsv
Upvotes: 30
Reputation: 5282
I am not an expert in AAD but I have found that my own personal Azure subscription unrelated to my work one returns nothing for the following command:
# does not work sometimes
(Get-AzADUser -UserPrincipalName (Get-AzContext).Account).Id
However I found that I can reliably get my user principal name (UPN) and object ID using the Az CLI to get an access token then the Microsoft Graph API to each back the user information.
$token = Get-AzAccessToken -Resource "https://graph.microsoft.com/"
$headers = @{ Authorization = "Bearer $($token.Token)" }
Invoke-RestMethod https://graph.microsoft.com/v1.0/me -Headers $headers
Upvotes: 3
Reputation: 51
The info on "Name" you are seeing is related to the subscription. Use the command below to get the objectId under "Account":
(Get-AzContext).Account.ExtendedProperties.HomeAccountId.Split('.')[0]
Upvotes: 5
Reputation: 5313
With Powershell cmdlets:
$myObjectId = (Get-AzADUser -UserPrincipalName (Get-AzContext).Account).Id
Upvotes: 1
Reputation: 42163
You could try Get-AzureRmADUser to get the ObjectId .
Sample:
Get-AzureRmADUser -UserPrincipalName "[email protected]"
Result:
The Id is the ObjectId, you could get it. Also, you could get it via other properties, not only -UserPrincipalName, just refer to the link of the command.
Update:
If you use a Guest account, you could try the command below.
Get-AzureADUser | ?{$_.UserType -eq "Guest"} | ?{$_.UserPrincipalName -like "*partofyouraccount*"}
Note: Before using this command, you need to install Azure AD powershell module.
Upvotes: 2
Related Questions
- Getting the Full Azure AD UserID for a local User
- How to Get Azure AD Object by Object ID Using Azure CLI
- How to get the azure account tenant Id?
- How to get user's Object ID in Azure AD B2C oauth2 login
- How do I get the ObjectID associated with the authenticated Azure service principal?
- Azure DevOps Get Current User ObjectId
- How to identify user of azure ad user uniquly
- Return users ObjectID from Get-AzureADDevice
- How to retrieve the userid from userprincipalname in azure active directory?
- How to get memberId from Azure token_id