Enumeration
Azure CLI
List groups
az ad group list

Get group information
az ad group show --group <name>

Get groups from Entra ID (cloud-only, no on-prem SID)
az ad group list --query "[].{osi:onPremisesSecurityIdentifier,displayName:displayName,description:description}[?osi==null]"

Get groups synced from on-prem (onPremisesSecurityIdentifier set)
az ad group list --query "[].{osi:onPremisesSecurityIdentifier,displayName:displayName,description:description}[?osi!=null]"

Get group members
az ad group member list --group <group-name> --query "[].userPrincipalName" -o table

Get which groups a group is a member of
az ad group get-member-groups -g "<group-name>"

Get roles assigned to the group in Azure (NOT in Entra ID)
az role assignment list --include-groups --include-classic-administrators true --assignee <group-id>

List a user's group membership
Get-MgUserMemberOf -UserId "user@domain.com" | Select-Object * -ExpandProperty AdditionalProperties | Select-Object {$_.AdditionalProperties["displayName"]}

Get object ID from group name
az ad group show --group "My Group Display Name" --query id --output tsv
(Get-MgGroup -Filter "DisplayName eq 'My Group Display Name'").Id

Get custom role definitions (list all properties)
az role definition list --custom-role-only true --query "[?roleName=='Role Name']" -o json

GraphRunner.ps1
Enum dynamic groups
Get-DynamicGroups -Tokens $tokens

Enum group ID
Get-SecurityGroups -Tokens $tokens

Enum user ID
Get-UserObjectID -Tokens $tokens user.one@domain.com

Add user to group
Invoke-AddGroupMember -groupId <groupid> -userId <userid>

BARK
https://github.com/BloodHoundAD/BARK

Enumerate Entra groups and info about them
$Groups = Get-AllEntraGroups
$Group = $Groups | Where-Object { $_.DisplayName -eq "<interesting group>" }
$Group

Interesting Groups
Directory Readers
- Allows Entra enumeration