1
votes

My goal is to get the Azure AD users who have been assigned the Classic Administrator role in an Azure subscription. I use the REST API's Classic Administrators - List to retrieve all classic admins, but it returns an email, which is not unique enough, and an ID called netId/puid, which is not present on the user returned from the Graph API.

I followed the Azure Portal's network to see how it gets the users for AAD but it queries the Graph API with an internal API version '1.61-internal' that I can't use.

Does anyone know of a way to retrieve this information?

Thanks

1
I think you can go to Azure portal -> subscription -> your target sub -> access control -> Classic administrators to see all the users who have this role. By the way, you may use Fiddler to catch the HTTP request to gather how the website gets these users. – tiny-wa
Like I stated in my question, the HTTP request the portal does uses an API version "1.61-internal" that I am unable to use from my application. The supported version (1.6) does not return the values I need :( – Nitmetic

1 Answer

0
votes

There is not an exposed API to match netId/puid with users.

But you can get the puid from the access token.

Or you could use the Microsoft 365 PowerShell cmdlet Get-MsolUser -UserPrincipalName "{upn}" | fl to get the user and find the LiveId property.

Record the puid or LiveId above and the corresponding user information to your local configuration file and match them with the name property in response of Classic Administrators - List.

Then you can get the corresponding users who are classic Administrators.

It's just a workaround and there are many workloads. I don't think it is a good method but there is no other way.
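The matching step described in the answer above, as an added example that is not part of the original answer: it reads the puid claim from an access token your own application obtained and joins a recorded puid-to-user map against the name property of a Classic Administrators - List response. The token, the response body, the user map and all function names are constructed for illustration; the response shape (value[].name, properties.emailAddress, properties.role) is assumed from the REST reference.

```python
import base64
import json

def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature. Only for reading
    claims of a token your app obtained itself, never to authenticate a caller."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def puid_from_token(token: str) -> str:
    claims = jwt_claims(token)
    if "puid" not in claims:
        raise KeyError("token carries no puid claim")
    return claims["puid"].upper()  # normalise case before comparing (assumption)

def match_classic_admins(admins_response: dict, puid_to_user: dict) -> list:
    """Join list entries to recorded users on entry['name'] == puid."""
    matched = []
    for entry in admins_response.get("value", []):
        props = entry.get("properties", {})
        matched.append({
            "puid": entry["name"],
            "role": props.get("role"),
            "email": props.get("emailAddress"),
            # None means no puid/LiveId was recorded for this admin yet
            "user": puid_to_user.get(entry["name"].upper()),
        })
    return matched

def _b64(obj) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample data (not real identifiers).
SAMPLE_TOKEN = ".".join([_b64({"alg": "none"}),
                         _b64({"upn": "alice@contoso.example",
                               "puid": "10030000aaaaaaaa"}), "sig"])
SAMPLE_ADMINS = {"value": [
    {"name": "10030000AAAAAAAA", "properties": {
        "emailAddress": "alice@contoso.example", "role": "CoAdministrator"}},
    {"name": "10030000BBBBBBBB", "properties": {
        "emailAddress": "bob@contoso.example", "role": "ServiceAdministrator"}},
]}

if __name__ == "__main__":
    recorded = {puid_from_token(SAMPLE_TOKEN): "alice@contoso.example"}
    for row in match_classic_admins(SAMPLE_ADMINS, recorded):
        print(row)
```

Entries whose user comes back as None are the classic administrators for which no puid or LiveId has been recorded yet.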