Azure-cli: az ad group show - prefix match means that group is not displayed if more than one group is matched

My goal was to find the objectId of a given group, i.e az ad group show --group "test-group" --query objectId -o tsv should return the oid 03596561-4ccf-a017-fad9-3dfae434d7fe and az ad group show --group "test-group-ro" --query objectId -o tsv should return the other oid 7bc4868c-4889-adc6-eb8a-38a246b65606

Well, I ran into the same problem: More than one groups match the name of 'test-group'.
I was confused, because this behave was not expected by me too.

Is this behaviour correct?

dunno.
I ended up using az ad group list and jq as json filter. For your given example, this would be something like:

az ad group list --display-name "test-group" -o json \
   | jq -r '.[]|select(.displayName == "test-group")|.objectId'`

and

az ad group list --display-name "test-group-ro" -o json \
   | jq -r '.[]|select(.displayName == "test-group-ro")|.objectId'`

Maybe this approach help's you too.

However, having a --group_regex parameter for az ad group show would be very useful. And maybe the current behave of the --group parameter should be explained in more detail.

For consistency, show command is supposed to output one item instead of a list. I can update CLI to update the error with all the matches, so you can at least select the objectId and use the show command for more information.
For general searching using display name, az ad group list is a better command to use.
Let me know if you have any comments.

I would have expected when you use the show command that you already know the specific group you want to obtain the details of, so it should return the entry for 'test-group' in the above example. So it should be an exact string match, not a string starts with.

I have to do:

az ad group show -g $(az ad group list --display-name "MyGroup" --query "[?securityEnabled ].objectId" -o tsv)

Seems that We have two groups with same name (Distribution and Security Group type), one synced from AD and second one created in AAD ? :/

I am not sure what prefix means.

Arguments
    --group -g [Required] : Group's object id or display name(prefix also works if there is a unique
                            match).

add to S164.

@lwillek You can also get the element without jq. Here is how I did it:
az ad group list --filter "displayName eq 'test-group'" --out tsv

It is not clean because you remain on the usage of list instead of show... but it works.

I agree that the result is of the show command is weird. Using the show command with the exact group should return the result.

Hi @rtcn2 , this should be fixed in our new release. You can upgrade to the latest version to solve this. I will close this issue first, you can create a new one if you have other problems. Thanks