Azure-cli: --display-name-idempotent flag: az ad group create --display-name "AAD DC Administrators" --mail-nickname "AADDCAdministrators"

When working with azure cli up to now, the idempotency has been a strong feature. Not having to add conditionals and instead state desired result is great.

I would like az ad commands to work the same and not complain or create a new instance if the existing entry exists. I understand that your argument has been "if not explicitly documented as illegal to have two of the same, then create an additional one - see #8624.

While your position is logical, it unfortunately makes it harder to use the cli. I would argue that 99% of cli users would expect the above command to be idempotent and return the same result if called three times with the same input. Today it creates three groups that only differ by objectid. I understand that I can code myself around this, but that leads to ugly scripts and additional objectid lookup code. Pseudo code for current situation:

oid = az ad group show -g "group display name" + logic to extract oid from result
if not oid found
create --display-name "group display name" --mail-nickname "GroupMailName"

Since your position is that you need to make the 1% case possible rather than make the cli easy to use for the 99%, case, I have the following feature request. Allow me to specify a flag or give me a new command verb that is idempotent. This would not break existing scripts and it would allow me to write scripts that states the desired state without having to worry about if I ran the script yesterday so much.

BTW: Idempotency issues also applies to:

• az ad group member add (Just return normally is member is already added, no red error)
• az ad sp create (same thing, apply idempotency, no errors if already created)