I'm trying to invoke an ARM template that requires a PrincipalId of the currently signed in user.

https://learn.microsoft.com/en-us/azure/templates/microsoft.keyvault/vaults

I've signed in using PowerShell, as a guest account in the organisation's AAD. When I check the resulting context, I get:

Name             : [sky.sigal@ministryof.me, 5f813400-5b93-43b0-af8f-5fd04714f1ef]
Account          : me@here.com
SubscriptionName : SomeSubscriptionName
TenantId         : e6d2d4cc-b762-486e-8894-4f5f540d5f31
Environment      : AzureCloud

I'm wondering how to get the AAD ObjectId from the above, without string parsing "Name"?

Note that the documentation for the ARM Template is not very clear so not sure if me@here.com would work just as well (am assuming it's talking about a Guid).

Thank you.

user9314395
  • That context object seems to just contain a string in the name. But maybe there is some other cmdlet that gives the object id in a better structure? – juunas Aug 16 '18 at 06:20
  • Could my reply solve your issue? If so, please mark it as answer. If not, let me know, thanks a lot. – Joy Wang Aug 21 '18 at 01:55

6 Answers

You can also get it using the azure cli

per @magnusnn as of version 2.37.0 you need to use

az ad signed-in-user show --query id -o tsv
az ad signed-in-user show --query objectId -o tsv
Eonasdan
Lolorol
    _NOTE:_ In version >= 2.37.0 of the Azure CLI, the Active Directory Graph API has been replaced by Microsoft Graph API, and querying `objectId` will not work anymore. Instead, one should query the `id` resulting in this command: `az ad signed-in-user show --query id -o tsv`. Reference to documentation: https://learn.microsoft.com/nb-no/cli/azure/microsoft-graph-migration – magnusnn Jun 10 '22 at 11:16
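As an added example (not part of any answer above), the following POSIX shell script applies the version caveat from the comment: it selects `id` or `objectId` depending on whether the installed Azure CLI is 2.37.0 or later, and it refuses to hand anything to a deployment unless the value returned actually looks like a GUID, which is what the Key Vault `objectId` parameter expects. It assumes `az` is on PATH when `signed_in_object_id` is run for real; the version check and the GUID check are pure functions.

```shell
#!/bin/sh
# Added example, not from the original answers. Picks the right JMESPath
# query for `az ad signed-in-user show` based on the Azure CLI version and
# validates that the result is a GUID before it is used as an ARM parameter.
set -eu

# Return 0 when version "$1" (e.g. "2.37.0") is >= 2.37.0, the release that
# moved `az ad` from Azure AD Graph to Microsoft Graph (objectId -> id).
graph_era() {
  ver_major=${1%%.*}
  ver_rest=${1#*.}
  ver_minor=${ver_rest%%.*}
  [ "$ver_major" -gt 2 ] && return 0
  [ "$ver_major" -eq 2 ] && [ "$ver_minor" -ge 37 ] && return 0
  return 1
}

# Print the property name to query for a given CLI version string.
pick_query() {
  if graph_era "$1"; then printf 'id\n'; else printf 'objectId\n'; fi
}

# Return 0 when "$1" has the 8-4-4-4-12 hex shape of a GUID. A UPN such as
# me@here.com, or an error message, must not slip through as an object id.
is_guid() {
  printf '%s\n' "$1" |
    grep -Eq '^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$'
}

# Look up the signed-in user's object id with the query that matches the
# installed CLI. Requires an `az login` session; assumes `az` is on PATH.
signed_in_object_id() {
  cli_ver=$(az version --query '"azure-cli"' -o tsv)
  query=$(pick_query "$cli_ver")
  oid=$(az ad signed-in-user show --query "$query" -o tsv)
  if ! is_guid "$oid"; then
    echo "unexpected value for object id: $oid" >&2
    return 1
  fi
  printf '%s\n' "$oid"
}
```

The returned GUID can then be passed as the template's principal/object id parameter, e.g. `--parameters objectId="$(signed_in_object_id)"`.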
The info on "Name" you are seeing is related to the subscription. Use the command below to get the objectId under "Account":

(Get-AzContext).Account.ExtendedProperties.HomeAccountId.Split('.')[0]
Fabiano
You could try Get-AzureRmADUser to get the ObjectId.

Sample:

Get-AzureRmADUser -UserPrincipalName "xxxx@xxxx.com"

Result:

The Id is the ObjectId, you could get it. Also, you could get it via other properties, not only -UserPrincipalName, just refer to the link of the command.

Update:

If you use a Guest account, you could try the command below.

Get-AzureADUser | ?{$_.UserType -eq "Guest"} | ?{$_.UserPrincipalName -like "*partofyouraccount*"}

Note: Before using this command, you need to install the Azure AD PowerShell module.

Joy Wang
  • Must be a rights thing (I'm a guest account in the organisation's AAD) -- and getting back nothing at all. Get-AzureRmADUser -UserPrincipalName "me@here.com" – user9314395 Aug 16 '18 at 10:57
  • @user9314395 Please see my update. If it solved your issue, much appreciated if you can mark it as answer. – Joy Wang Aug 17 '18 at 03:16
I am not an expert in AAD but I have found that my own personal Azure subscription unrelated to my work one returns nothing for the following command:

# does not work sometimes
(Get-AzADUser -UserPrincipalName (Get-AzContext).Account).Id

However, I found that I can reliably get my user principal name (UPN) and object ID using the Az CLI to get an access token, then the Microsoft Graph API to fetch back the user information.

$token = Get-AzAccessToken -Resource "https://graph.microsoft.com/"
$headers = @{ Authorization = "Bearer $($token.Token)" }
Invoke-RestMethod https://graph.microsoft.com/v1.0/me -Headers $headers

Joel Verhagen
  • This worked for me where nothing else did when I was an external user in the AAD tenant and the normal techniques above wouldn't work – MattJeanes May 11 '22 at 12:28
  • `(Get-AzADUser -UserPrincipalName (Get-AzContext).Account).Id` doesn't work because Account.Id is not (always) equal to UserPrincipalName – Pavlo K Jun 05 '23 at 12:53
With PowerShell cmdlets:

$myObjectId = (Get-AzADUser -UserPrincipalName (Get-AzContext).Account).Id
Skrymsli
With PowerShell you can do:

(Get-AzADUser -SignedIn).Id
Pavlo K