ppap

Reputation: 331

How to obtain the descriptor identifier for an AD group using the Azure DevOps REST API

Hello Stack Overflow community. Is there a way for us to obtain the descriptor identifier of the AD user group? Is there any REST API endpoint for that purpose, given that we know the exact name of the AD group?

Thank you

Upvotes: 3

Views: 3415

Answers (4)

deadlydog

Reputation: 24434

I was able to get the group descriptor by using the Azure CLI, like this:

    az devops security group list --project "Your Azure DevOps Project Name Here"

That will list all of the security groups that have been assigned a role in the team project. If you don't see your group in the list, then just go add the group to one of the permission roles in the team project (e.g. Readers) and it should show up.

From there just find your group in the list and grab its descriptor field.

Upvotes: 0

Jeff

Reputation: 11

The descriptor lookup needs to happen at organization scope but with a [TEAM FOUNDATION] prefix. Using the Azure CLI with the devops extension:

    $descriptor = az-ps devops security group list --org $org --scope organization --output json --query "graphGroups[?principalName == '[TEAM FOUNDATION]\$($groupName)'].descriptor | [0]"

Upvotes: 1

time_flies

Reputation: 70

I had the same problem. This was my solution:

First: the Graph->List API can get the group descriptor.

Second: Identities->Read Identities API

Like this: https://vssps.dev.azure.com/v-heyanhe/_apis/identities?subjectDescriptors={The descriptor From First Step}&api-version=6.0

Upvotes: 2

Josh Gust

Reputation: 4445

Looks like you want the Graph API to list the groups and pull out the one you want. The GraphGroup object has the descriptor property.

The Samples Repo for the .NET client libraries has some code to show how the API works.

        /// <summary>
        /// Returns all groups in account.
        /// </summary>
        /// <returns></returns>
        [ClientSampleMethod]
        public PagedGraphGroups GetAllGroups()
        {
            VssConnection connection = Context.Connection;
            GraphHttpClient graphClient = connection.GetClient<GraphHttpClient>();
            PagedGraphGroups groups = graphClient.ListGroupsAsync().Result;

            foreach (var group in groups.GraphGroups)
            {
                LogGroup(group);
            }

            return groups;
        }

Upvotes: 0
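
The Graph list lookup described in the answers above, as an added example in Python that is not part of any answer on this page: it pages through the REST endpoint and resolves a group name to exactly one descriptor, failing when the name matches groups in more than one scope. The api-version value, the AZDO_* environment variables, the function names and the sample groups are assumptions made for this example.

```python
import base64, json, os
import urllib.parse, urllib.request

API_VERSION = "7.1-preview.1"  # assumption: use the version your organization supports
# Constructed sample pages in the Graph list response shape; descriptors are placeholders.
SAMPLE_PAGES = [
    {"value": [{"principalName": "[TEAM FOUNDATION]\\Sec-Admins", "descriptor": "aadgp.PLACEHOLDER1"},
               {"principalName": "[ProjA]\\Readers", "descriptor": "vssgp.PLACEHOLDER2"}]},
    {"value": [{"principalName": "[ProjB]\\Readers", "descriptor": "vssgp.PLACEHOLDER3"}]},
]

def fetch_group_pages(org, pat):
    """Yield every page of the Graph groups list, following X-MS-ContinuationToken."""
    auth = base64.b64encode(f":{pat}".encode()).decode()  # PAT goes in the Basic password slot
    token = None
    while True:
        query = {"api-version": API_VERSION}
        if token:
            query["continuationToken"] = token
        url = (f"https://vssps.dev.azure.com/{urllib.parse.quote(org)}"
               f"/_apis/graph/groups?{urllib.parse.urlencode(query)}")
        req = urllib.request.Request(url, headers={"Authorization": f"Basic {auth}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            page = json.load(resp)
            token = resp.headers.get("X-MS-ContinuationToken")
        yield page
        if not token:
            return

def find_group_descriptor(pages, group_name):
    """Return the descriptor of the single group matching group_name, else raise LookupError."""
    wanted = group_name.casefold()
    hits = {}
    for page in pages:
        for group in page.get("value", []):
            principal = group.get("principalName", "")
            short = principal.rsplit("\\", 1)[-1]  # name without the "[scope]\" prefix
            if wanted in (principal.casefold(), short.casefold()):
                hits[group["descriptor"]] = principal
    if not hits:
        raise LookupError(f"no group named {group_name!r}")
    if len(hits) > 1:  # same name in several scopes: refuse to guess which one gets permissions
        raise LookupError(f"ambiguous name {group_name!r}: {sorted(hits.values())}")
    return next(iter(hits))

if __name__ == "__main__":  # AZDO_* variable names are assumptions of this example
    pages = fetch_group_pages(os.environ["AZDO_ORG"], os.environ["AZDO_PAT"])
    print(find_group_descriptor(pages, os.environ["AZDO_GROUP"]))
```

Passing the full principal name, scope prefix included, selects one group when the short name exists in several projects.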
