Using Service Principal Identity to List AD Roles

In this post we will look at how to retrieve the role definitions and role assignments for our organisation using a service principal and save the role information to a file. Note that the az role commands used below return Azure RBAC (resource) roles such as Owner, Contributor and Reader, which are assigned at subscription, resource group or resource scope; they do not list Azure AD directory roles such as Global Administrator.

Step-1 – Log in to the lab virtual machine over SSH with your credentials:

ssh username@<PUBLIC_IP_ADDRESS>

Step-2 – Once connected to the lab VM, run az login with the --service-principal flag to authenticate as the service principal, or run plain az login to authenticate interactively. Passing the client secret with -p puts it in the shell history and makes it visible in the process list while the command runs, so prefer reading it from an environment variable or a file with restricted permissions. A plain az login over SSH has no browser to open; use az login --use-device-code and complete the sign-in from another machine:

az login --service-principal \
-u "<CLIENT_ID>" \
-p "<CLIENT_SECRET>" \
--tenant "<TENANT_ID>"

or

az login

Step-3 – List the Role Definitions and Role Assignments

List the role definitions (built-in and custom) available in the current subscription:

az role definition list

Save the list to a file named roledetails.json:

az role definition list > roledetails.json

List the role assignments under the current subscription (--all includes assignments made at resource group and resource scope, not only at the subscription itself) and append them to roledetails.json. The file then contains two JSON arrays back to back, which is not a single valid JSON document; if you plan to parse it with a JSON tool, write the assignments to a separate file instead:

az role assignment list --all >> roledetails.json

Verify that the file was written and contains the expected role data:

vi roledetails.json
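The following script is an added example and not code from the original post. It runs the same two az commands as the steps above, stores the result as a single JSON object so it can be loaded back later, and then reviews the data for two things a security engineer checks first: custom role definitions with wildcard actions, and privileged built-in roles assigned to service principals. It assumes the Azure CLI (az) is on PATH and already logged in; the SAMPLE_* data and the principal and role names in it are constructed for offline use and are not real output.

```python
"""Collect Azure RBAC role definitions and assignments with the Azure CLI
and review them for risky entries. Added example, not code from the
original post. Assumes 'az' is on PATH and already logged in (for example
via az login --service-principal). SAMPLE_* data below is constructed so
the review functions can run offline."""
import json
import subprocess

# Built-in roles that grant full control-plane access or the right to grant it.
PRIVILEGED_ROLES = {"Owner", "Contributor", "User Access Administrator"}


def az_json(args):
    """Run an az command and parse its output. '-o json' is passed explicitly
    so a user's configured default output (table, tsv) cannot break parsing."""
    proc = subprocess.run(["az", *args, "-o", "json"], check=True,
                          capture_output=True, text=True)
    return json.loads(proc.stdout)


def collect():
    """Fetch definitions and assignments with the same commands the post uses."""
    return {
        "definitions": az_json(["role", "definition", "list"]),
        "assignments": az_json(["role", "assignment", "list", "--all"]),
    }


def save(data, path):
    """Write one JSON object (not two concatenated arrays), so the file can be
    read back with a single json.load()."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(data, fh, indent=2)
    return path


def parse_concatenated(text):
    """Parse a file built with '>' then '>>': two top-level JSON arrays back
    to back, which json.loads() rejects. Returns the list of documents."""
    decoder = json.JSONDecoder()
    docs, pos = [], 0
    while True:
        while pos < len(text) and text[pos].isspace():  # skip whitespace between documents
            pos += 1
        if pos >= len(text):
            return docs
        doc, pos = decoder.raw_decode(text, pos)
        docs.append(doc)


def wildcard_custom_roles(definitions):
    """Names of custom roles with a wildcard in 'actions'. A bare '*' is
    Owner-equivalent on its assignable scopes unless notActions narrows it."""
    hits = []
    for d in definitions:
        if d.get("roleType") != "CustomRole":
            continue
        actions = [a for p in d.get("permissions", []) for a in p.get("actions", [])]
        if any("*" in a for a in actions):
            hits.append(d["roleName"])
    return hits


def privileged_assignments(assignments, principal_types=("ServicePrincipal",)):
    """(principalName, roleDefinitionName, scope) for assignments of
    PRIVILEGED_ROLES to the given principal types; defaults to non-human
    identities, the usual target of credential theft."""
    return [
        (a.get("principalName"), a["roleDefinitionName"], a["scope"])
        for a in assignments
        if a.get("principalType") in principal_types
        and a.get("roleDefinitionName") in PRIVILEGED_ROLES
    ]


# Constructed sample data in the shape of the az CLI output (hypothetical names).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE_DEFINITIONS = [
    {"roleName": "Reader", "roleType": "BuiltInRole",
     "permissions": [{"actions": ["*/read"], "notActions": []}]},
    {"roleName": "Deploy Helper", "roleType": "CustomRole",
     "permissions": [{"actions": ["*"], "notActions": ["Microsoft.Authorization/*/Delete"]}]},
    {"roleName": "VM Restarter", "roleType": "CustomRole",
     "permissions": [{"actions": ["Microsoft.Compute/virtualMachines/restart/action"], "notActions": []}]},
]
SAMPLE_ASSIGNMENTS = [
    {"principalName": "ci-deployer", "principalType": "ServicePrincipal", "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "alice@example.com", "principalType": "User", "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "monitor-app", "principalType": "ServicePrincipal", "roleDefinitionName": "Reader", "scope": SUB + "/resourceGroups/prod"},
]

if __name__ == "__main__":
    import sys
    # Run with --live to query the subscription you are logged in to; otherwise review the sample.
    data = collect() if "--live" in sys.argv else {"definitions": SAMPLE_DEFINITIONS, "assignments": SAMPLE_ASSIGNMENTS}
    save(data, "roledetails.json")
    print("custom roles with wildcard actions:", wildcard_custom_roles(data["definitions"]))
    print("privileged service principal assignments:", privileged_assignments(data["assignments"]))
```

Run it with --live after az login to review your own subscription; without the flag it reviews the constructed sample, flagging the "Deploy Helper" custom role and the Owner assignment to the "ci-deployer" service principal while ignoring the built-in Reader role and the human user. parse_concatenated() is there for a roledetails.json produced exactly as in the steps above, where two arrays were appended to one file.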
