
I created a test application in the Azure portal (https://portal.azure.com). In Visual Studio 2015 I have PowerShell and can execute:

```
Get-AzureRmADApplication
```

I am getting the following output:

```
DisplayName             : test
ObjectId                : ...
IdentifierUris          : ...
HomePage                : ...
Type                    : Application
ApplicationId           : ...
AvailableToOtherTenants : False
AppPermissions          : 
ReplyUrls               : ...
```

The list of "AppPermissions" is empty, though in the Azure Portal I have given "test" all permissions that were available.

I am using PowerShell 3.0.399.0. At least this is what Get-Host reports:

```
Name             : PowerShell Tools for Visual Studio Host
Version          : 3.0.399.0
InstanceId       : d7bb788e-e342-41fb-a78b-cad36f940aae
```

If I am using `Get-AzureADApplication -Filter "DisplayName eq 'test'"`, I am getting:

```
[ERROR] Get-AzureADApplication : Error occurred while executing GetApplications 
[ERROR] Code: Authentication_Unauthorized
[ERROR] Message: User was not found
[ERROR] HttpStatusCode: Forbidden
[ERROR] HttpStatusDescription: Forbidden
[ERROR] HttpResponseStatus: Completed
```

Any ideas? How to get the permissions for application "test" in PowerShell? Why is this not working for me?

BR, Rene

René Heuven

1 Answer

For now, the AD application permission is built on OAuth 2.0; we can use this script to get the permissions:

```
PS C:\Users> Get-AzureADApplication | where{ $_.displayname -eq 'jasonweb' } | fl *


DeletionTimeStamp          :
ObjectId                   : 6b11xxxx-xxxx-xxxx-xxxx-xxx9e59532e
ObjectType                 : Application
AddIns                     : {}
AppId                      : efc18xxx-xxxx-xxxx-xxxx-xxxx401dc6bc
AppRoles                   : {}
AvailableToOtherTenants    : False
DisplayName                : jasonweb
ErrorUrl                   :
GroupMembershipClaims      :
Homepage                   : http://jasontest321.azurewebsites.net
IdentifierUris             : {https://XXXXXXXXXX.onmicrosoft.com/9d1xxxxx-xxxx-xxxx-xxxx-xxxxcecab763}
KeyCredentials             : {}
KnownClientApplications    : {}
LogoutUrl                  :
Oauth2AllowImplicitFlow    : False
Oauth2AllowUrlPathMatching : False
Oauth2Permissions          : {class OAuth2Permission {
                               AdminConsentDescription: Allow the application to access jasonweb on behalf of the signed-in user.
                               AdminConsentDisplayName: Access jasonweb
                               Id: acecxxxx-xxxx-xxxx-xxxx-xxxxd1a04466
                               IsEnabled: True
                               Type: User
                               UserConsentDescription: Allow the application to access jasonweb on your behalf.
                               UserConsentDisplayName: Access jasonweb
                               Value: user_impersonation
                             }
                             }
OAuth2RequiredPostResponse :
PasswordCredentials        : {}
PublicClient               : False
RecordConsentConditions    :
ReplyUrls                  : {http://jasontest321.azurewebsites.net}
RequiredResourceAccess     : {class RequiredResourceAccess {
                               ResourceAppId: 00000003-0000-0000-c000-000000000000
                               ResourceAccess: System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.ResourceAccess]
                             }
                             , class RequiredResourceAccess {
                               ResourceAppId: 00000002-0000-0000-c000-000000000000
                               ResourceAccess: System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.ResourceAccess]
                             }
                             }
SamlMetadataUrl            :
```

Note: This command belongs to Azure Active Directory version 2.0.

For more information about installing the Azure Active Directory V2 PowerShell module, please refer to this link.

Jason Ye
  • Get-AzureADApplication is not working for me. I have rephrased and added some extra information in my question. – René Heuven Apr 17 '17 at 12:36
  • @RenéHeuven According to your error message, the cmdlet Get-AzureADApplication has no tenant specified, so the connection was established to a domain where the user has no admin privileges. Please refer to this similar case: http://stackoverflow.com/questions/43301218/authenticating-with-azure-active-directory-on-powershell/43314137#43314137 We can use this command to log in to Azure AD: `Connect-AzureAD -TenantId` – Jason Ye Apr 18 '17 at 02:02
  • @RenéHeuven Does it work now? Please let me know if you would like further assistance. – Jason Ye Apr 19 '17 at 00:43
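
Added example, not part of the original answer or comments: in the answer's output, `ResourceAccess` prints only as a `List` type name, so the permissions the application requests are not visible. The script below expands `RequiredResourceAccess` and resolves each permission Id to its name through the resource's service principal. It assumes the AzureAD (v2) module, a placeholder tenant ID, and the application name `test` from the question.

```powershell
# Added example, not code from the original post. Requires the AzureAD (v2) module.
# '<tenant-id>' is a placeholder; 'test' is the application name from the question.
Connect-AzureAD -TenantId '<tenant-id>'

$spCache = @{}   # ResourceAppId -> service principal, to avoid repeated lookups

foreach ($app in (Get-AzureADApplication -Filter "DisplayName eq 'test'")) {
    foreach ($rra in $app.RequiredResourceAccess) {
        # Look up the resource (API) that defines the permissions, once per resource.
        if (-not $spCache.ContainsKey($rra.ResourceAppId)) {
            $filter = "AppId eq '$($rra.ResourceAppId)'"
            $spCache[$rra.ResourceAppId] = Get-AzureADServicePrincipal -Filter $filter
        }
        $sp = $spCache[$rra.ResourceAppId]

        foreach ($ra in $rra.ResourceAccess) {
            # Type 'Scope' = delegated permission, defined in Oauth2Permissions;
            # Type 'Role'  = application permission, defined in AppRoles.
            $defs = if ($ra.Type -eq 'Scope') { $sp.Oauth2Permissions } else { $sp.AppRoles }
            $def  = $defs | Where-Object { $_.Id -eq $ra.Id }

            [pscustomobject]@{
                Application = $app.DisplayName
                Resource    = if ($sp) { $sp.DisplayName } else { $rra.ResourceAppId }
                Kind        = if ($ra.Type -eq 'Scope') { 'Delegated' } else { 'Application' }
                # Keep the raw Id visible when the definition cannot be resolved.
                Permission  = if ($def) { $def.Value } else { "unresolved: $($ra.Id)" }
            }
        }
    }
}
```

The output lists the permissions the application registration requests, one row per permission, which is the form needed for a least-privilege review. It does not show whether consent has been granted for them.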