URL: https://svrooij.io/2022/05/17/extract-azure-admins/

Coding Stephan




EXTRACT ALL AZURE AD ADMIN ACCOUNTS

May 17, 2022

PowerShell is pretty powerful for all kinds of administrative tasks, especially
if you load some extra modules. We use the AzureAD module for a lot of tasks
that can be (semi-)automated with a script. In a separate post I described how
to extract all users from Azure AD as a regular user, and what you should do
about it.

Extracting users isn't the only thing you can do with the Azure AD PowerShell
module. This post shows how to export all Azure AD Global Administrators, which
by default ANY user in your tenant can do unless you take action against that:
the role membership is read through the directory API, so hiding the Azure
portal from regular users is not enough to prevent it.


INSTALL AZUREAD MODULE

Installing a module should be a breeze; for completeness, here is the command.
Note that Microsoft has since deprecated the AzureAD module in favour of the
Microsoft Graph PowerShell SDK, but the commands below still illustrate the
point, and the same role membership is readable through Graph.

Install-Module AzureAD
# or just importing if previously installed
# Import-Module AzureAD



GET ALL GLOBAL ADMINS

Let’s say you want to know which accounts in your tenant hold the Global
Administrator role.

# This will open a Microsoft login screen and save the resulting session
$session = Connect-AzureAD

# Load the role by its display name (change the name for another role)
# or run Get-AzureADDirectoryRole without a filter to list all activated roles
$role = Get-AzureADDirectoryRole -Filter "DisplayName eq 'Global Administrator'"
$admins = Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId

# Show admins
$admins | Format-Table


That was easy: four lines of “code” and you know which accounts hold the role
that has access to everything in Azure AD in your organization. Two things to
keep in mind: role members can be users, groups or service principals (check
the ObjectType column in the output), and Get-AzureADDirectoryRoleMember only
lists active assignments, so accounts that are merely eligible for the role
through Privileged Identity Management do not show up.


GET ALL ADMINS SINGLE LINE OF CODE

For faster copy/pasting, here is the same code as a one-liner.

$session = Connect-AzureAD; $role = Get-AzureADDirectoryRole -Filter "DisplayName eq 'Global Administrator'"; Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId | Format-Table



OTHER ROLES

Finding a Global Administrator account might be really useful. If you’re
targeting a specific application, members of a different role might also be
enough. The Azure AD built-in roles documentation describes all the roles that
Azure AD has built in.

The Application Administrator role is interesting since it can create and
manage all application registrations and enterprise applications, including
adding credentials to existing ones, which might grant access to other parts of
the directory through the permissions those applications already hold.
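To turn the commands from the previous section into something reusable across the roles discussed here, the following is an added example script, not code from the original post. It assumes the AzureAD module is installed, that the signed-in account is allowed to read directory roles (the default for member users unless the tenant restricts it), and an arbitrary CSV output path; the role names are Microsoft's built-in display names, and the list can be changed when invoking the script.

```powershell
# Added example (not from the original post): enumerate the members of several
# privileged Azure AD roles with the AzureAD module and write them to a CSV.
# Assumes the AzureAD module is installed and that the account used can read
# directory roles. The default role list and the output path are arbitrary
# choices; save as a .ps1 and run it, optionally with -RoleNames / -OutFile.
param(
    [string[]]$RoleNames = @(
        'Global Administrator',
        'Privileged Role Administrator',
        'Application Administrator',
        'Cloud Application Administrator'
    ),
    [string]$OutFile = ".\privileged-role-members.csv"
)

Import-Module AzureAD -ErrorAction Stop

# Connect only if there is no existing session (the Microsoft login screen opens once)
try {
    $null = Get-AzureADCurrentSessionInfo -ErrorAction Stop
} catch {
    Connect-AzureAD | Out-Null
}

# Get-AzureADDirectoryRole only returns roles that have been activated in the
# tenant (a role nobody has ever been assigned to is absent), so index the
# activated roles by display name and look each requested role up.
$activeRoles = @{}
foreach ($r in Get-AzureADDirectoryRole) { $activeRoles[$r.DisplayName] = $r }

$rows = foreach ($name in $RoleNames) {
    $role = $activeRoles[$name]
    if (-not $role) {
        Write-Warning "Role '$name' is not activated in this tenant (no assignments); skipping"
        continue
    }
    # Members can be users, groups or service principals, so keep ObjectType.
    # Only active (permanent) assignments are returned; PIM-eligible ones are not.
    foreach ($m in Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId) {
        [pscustomobject]@{
            Role              = $name
            RoleTemplateId    = $role.RoleTemplateId
            ObjectType        = $m.ObjectType
            DisplayName       = $m.DisplayName
            UserPrincipalName = $m.UserPrincipalName   # $null for groups and service principals
            AccountEnabled    = $m.AccountEnabled      # $null for groups
            ObjectId          = $m.ObjectId
        }
    }
}

if (-not $rows) {
    Write-Warning "None of the requested roles had members; nothing written"
    return
}

$rows | Sort-Object Role, ObjectType, DisplayName | Format-Table -AutoSize
$rows | Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8
Write-Host "Wrote $(@($rows).Count) role assignments to $OutFile"
```

The lookup goes through the full list of activated roles rather than one filtered query per role so that a role that has never been assigned (and therefore does not exist as a directory role object yet) is reported instead of silently yielding no members. Including RoleTemplateId in the output gives a stable identifier for each role in case a display name is ever localized or renamed.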

Tags: Azure AD, Data Extraction, PowerShell