Azure Powershell - get owner emails for list of SPNs and EAs

Question

I was given a long list of ObjectIds. Unfortunately these ObjectIds are for both Enterprise Applications and Service Principals.

So I load the CSV file and for each ObjectId I need to

1. Determine ObjectType (EA or SPN)
2. Get the Object's DisplayName
3. Get Object's owners emails (comma separated)

The result should be CSV showing columns: ObjectId, ObjectType, DisplayName, Owners.

$csv = Import-Csv c:\data\cso-list.csv
$DisplayName=@()

foreach ($ObjectId in $csv) {
    
        $DisplayName += (Get-AzureADServicePrincipal -ObjectId $ObjectId.ID | Select-Object ObjectType, DisplayName, ObjectId)
        
        Get-AzureADServicePrincipalOwner -ObjectId $ObjectId.ID | Select Mail

        $DisplayName += Get-AzureADServicePrincipalOwner -ObjectId $ObjectId.ID | Select Mail
}

$DisplayName | Export-Csv c:\data\cso-list-done.csv

I can do it either for EA or SPN but not for both. And even when using -ErrorAction SilentlyContinue I still get an error when for example ObjectId is for EA but query is for ServicePrincipal, and vice versa.

I also tried following but it did not help.

if (!(Get-AzADApplication -ObjectId $ObjectId -ErrorAction SilentlyContinue))
{
  Get-AzureADServicePrincipal -ObjectId $ObjectId | select DisplayName
  Get-AzureADServicePrincipalOwner -ObjectId $ObjectId | Select Mail
}

if (!(Get-AzADServicePrincipal -ObjectId $ObjectId -ErrorAction SilentlyContinue))
{
  Get-AzureADApplication -ObjectId $ObjectId | Select DisplayName
  Get-AzureADApplicationOwner -ObjectId $ObjectId | Select Mail
}

Can you please advise how to handle this? I'm sure there's an easy solution but I did not find it even after several hours. Thanks!

Answer 1

Note that, Enterprise applications tab contains list of service principals. I believe your CSV file has object IDs of App registrations and service principals from Enterprise applications.

To determine the ObjectType whether it's service principal or application, you can run below PowerShell command:

Get-AzureADObjectByObjectId -ObjectId 82433924-95cf-4609-xxxxxx | fl

Response:

I have two app registrations named AppReg01 and AppReg02 with Sridevi as Owner :

In Enterprise applications tab, I have two service principals named EntApp01 and EntApp02 with Venkat as Owner:

To export required details to CSV file, I ran below PowerShell script and got response like this:

$results = @()

$objectIds = Import-Csv -Path "C:\test\csvs\file.csv" | Select-Object -ExpandProperty ID

foreach ($objectId in $objectIds) {
    $object = Get-AzureADObjectByObjectId -ObjectId $objectId

    if ($object.ObjectType -eq "Application") {
        $owner = Get-AzureADApplicationOwner -ObjectId $objectId
    }
    elseif ($object.ObjectType -eq "ServicePrincipal") {
        $owner = Get-AzureADServicePrincipalOwner -ObjectId $objectId
    }
    else {
        $owner = $null
    }

    $result = [PSCustomObject]@{
        ObjectId            = $object.ObjectId
        ObjectType          = $object.ObjectType
        DisplayName         = $object.DisplayName
        OwnerDisplayName    = if ($owner) { $owner.DisplayName } else { $null }
        OwnerEmailAddress   = if ($owner) { $owner.mail } else { $null }
    }

    $results += $result
    Write-Output "$($result.ObjectType): $($result.DisplayName)"
}

$results | Export-Csv -Path "C:\test\csvs\srioutput.csv" -NoTypeInformation

Response:

When I checked the CSV file, it has required details with columns: ObjectId, ObjectType, DisplayName, OwnerDisplayName, OwnerEmailAddress like this: