It looks like the Azure CLI does not support adding owners to AD groups. We have dozens of groups and being able to automate adding and removing owners as people join and leave the company or team would be very helpful.
Install Method (e.g. pip, interactive script, apt-get, Docker, MSI, edge build) / CLI version (az --version) / OS version / Shell Type (e.g. bash, cmd.exe, Bash on Windows)
Installed via Homebrew on macOS:
$ az --version
azure-cli (2.0.27)
acr (2.0.21)
acs (2.0.26)
advisor (0.1.2)
appservice (0.1.26)
backup (1.0.6)
batch (3.1.10)
batchai (0.1.5)
billing (0.1.7)
cdn (0.0.13)
cloud (2.0.12)
cognitiveservices (0.1.10)
command-modules-nspkg (2.0.1)
configure (2.0.14)
consumption (0.2.1)
container (0.1.18)
core (2.0.27)
cosmosdb (0.1.19)
dla (0.0.18)
dls (0.0.19)
eventgrid (0.1.10)
extension (0.0.9)
feedback (2.1.0)
find (0.2.8)
interactive (0.3.16)
iot (0.1.17)
keyvault (2.0.18)
lab (0.0.17)
monitor (0.1.2)
network (2.0.23)
nspkg (3.0.1)
profile (2.0.19)
rdbms (0.0.12)
redis (0.2.11)
reservations (0.1.1)
resource (2.0.23)
role (2.0.19)
servicefabric (0.0.10)
sql (2.0.21)
storage (2.0.25)
vm (2.0.26)
Python location '/usr/local/opt/python3/bin/python3.6'
Extensions directory '/Users/mideeks/.azure/cliextensions'
Python (Darwin) 3.6.4 (default, Jan 17 2018, 20:16:54)
[GCC 4.2.1 Compatible Apple LLVM 9.0.0 (clang-900.0.39.2)]
Legal docs and information: aka.ms/AzureCliLegal
Any plans to add this? Or workarounds?
As a workaround I use the PowerShell module « azuread version 2.0.0.115 », associated « how to » is available here: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-settings-v2-cmdlets#manage-owners-of-groups
@JamesDLD PowerShell? Seriously!?! 😆
Oh, you are kidding right?
I hope you are kidding...
Seriously though, when are you guys fixing this? any ETA? @tjprescott ?
@yugangw-msft is this a CLI issue or service limitation?
Not a CLI/service issue. It is due to incomplete api spec.
@squillace @kamaljit are working to get the AAD graph team to submit changes to fill the gap.
cc: @mayurid
@noelbundick I wonder whether this inspires you. @koalalorenzo we are working on convincing the right people to do the work next week. I'll report back the results.
Also, this is a company willpower and resource distribution limitation. For the user, this is a CLI issue, because that's what they experience. The operation does, in fact, exist, as is evidenced by the PS support. The problem is that the CLI team doesn't have the resources to tackle the operation without the service team's efforts. Which aren't there yet.
@koalalorenzo, that's for you. I want complete clarity on this issue.
This ask will be taken care of through 2 ways
1. az ad owner add --group GROUP --owner-object-id OWNER. This will be done next week. EDIT: for consistency, the new command is az ad group owner add
2. az ad group create will have the current user configured as the owner, unless you opt out using --not-mine. This will be done in two weeks, as I need to update multiple commands to get the same flag supported.
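The owner automation asked for at the top of this thread, built on the `az ad group owner add` command named above, as an added example that is not part of the thread or of the Azure CLI project. It assumes one owner object ID per line in each input file and uses `az ad group owner remove` as the matching removal command; all function names and the `DRY_RUN` variable are hypothetical.

```shell
#!/bin/sh
# Added example, not Azure CLI project code. Inputs are files with one
# owner object ID per line (a format constructed for this sketch).
# The CURRENT file can be produced with `az ad group owner list --group GROUP`;
# the name of the ID field in its output differs between CLI versions, so
# check the JSON before writing a --query for it.

# ids_only_in A B: IDs present in file A and absent from file B.
# Strips spaces and CRs, lowercases, skips blank lines, de-duplicates.
ids_only_in() {
  awk '{ gsub(/[ \t\r]/, ""); $0 = tolower($0) } $0 == "" { next }
       FILENAME == ARGV[1] { b[$0]; next }
       !($0 in b) && !dup[$0]++' "$2" "$1"
}

# plan_owner_changes DESIRED_FILE CURRENT_FILE
# Prints "add <id>" lines, then "remove <id>" lines. Adds come first so a
# group is never left without an owner part-way through a run.
# Fails (status 1) with no output when DESIRED has no usable IDs, so a
# truncated input file cannot strip every owner from a group.
plan_owner_changes() {
  if [ -z "$(ids_only_in "$1" /dev/null)" ]; then
    echo "refusing: desired owner list is empty" >&2
    return 1
  fi
  ids_only_in "$1" "$2" | sed 's/^/add /'
  ids_only_in "$2" "$1" | sed 's/^/remove /'
}

# apply_owner_changes GROUP: reads a plan on stdin and runs it.
# Set DRY_RUN=1 to print the az commands instead of running them.
# IDs containing anything other than hex digits and dashes are skipped.
apply_owner_changes() {
  while read -r action id; do
    case $id in
      ''|*[!0-9a-f-]*) echo "skipping bad id: $id" >&2; continue ;;
    esac
    case $action in add|remove) ;; *) continue ;; esac
    ${DRY_RUN:+echo} az ad group owner "$action" --group "$1" --owner-object-id "$id"
  done
}
```

Run `plan_owner_changes desired.txt current.txt | DRY_RUN=1 apply_owner_changes GROUP` first and review the printed commands before applying the plan for real.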