TransWikia.com

How to get management groups and subscriptions from different AAD tenant?

Stack Overflow Asked on December 13, 2021

Azure

I have two AADs (Azure Active Directory) in my account.

Entities in first AAD: ['Tenant Root Group', 'group A', 'subGroup B', 'Microsoft Partner Network', 'subscription 2']

Entities in second AAD: ['Tenant Root Group', 'subscription 3']

Python

I’m trying to use the Python Azure SDK to get management groups and subscriptions per directory.

The code below can list the entities in the first directory, but the entities in the second directory are not listed as I expected.

Does anyone know how to get all entities in both directories?

Code

from azure.mgmt.managementgroups import ManagementGroupsAPI
from msrestazure.azure_active_directory import UserPassCredentials


def get_entities(credentials):
    mgmt_groups_api = ManagementGroupsAPI(credentials)
    entities = mgmt_groups_api.entities.list()
    entity_infos = [entity for entity in entities]
    entity_names = [entity.display_name for entity in entity_infos]
    print(entity_names)


def main():
    credentials = UserPassCredentials(
        'account',
        'password',
    )
    get_entities(credentials)


if __name__ == '__main__':
    main()

Output

['Group A', 'subGroup B', 'subGroup C', 'subscription 1', 'subscription 2']

2 Answers

Thanks to @juunas for pointing out what this question really needs, and to @Joy Wang for providing an API solution to get the tenant list by account.

API solution

Thanks again to @juunas: by using the Tenants - List API we can easily list tenants. (For more detail, please take a look at his answer.)

I think it is a great general way to solve this question.

Azure SDK for Python solution

Fortunately, I found that the Azure SDK for Python provides SubscriptionClient, which allows me to list tenants programmatically.

This is how I list tenants in Python:

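from azure.mgmt.resource import SubscriptionClient
from msrestazure.azure_active_directory import UserPassCredentials


# The return annotation is a string so that it needs no model import.
def get_tenants() -> 'Iterable[TenantIdDescription]':
    # No tenant is passed here: sign in first, then ask which tenants exist.
    credentials = UserPassCredentials(
        'account',
        'password',
    )
    sub_client = SubscriptionClient(credentials)
    tenants = sub_client.tenants.list()
    return tenants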

Combining SubscriptionClient with the original code

from azure.mgmt.managementgroups import ManagementGroupsAPI
from azure.mgmt.resource import SubscriptionClient
from msrestazure.azure_active_directory import UserPassCredentials

azure_account = ''
azure_pwd = ''

def get_credential(tenant_id: str = None):
    if tenant_id:
        return UserPassCredentials(
            azure_account,
            azure_pwd,
            tenant=tenant_id
        )
    else:
        return UserPassCredentials(
            azure_account,
            azure_pwd,
        )


def get_entities(tenant_id=None):
    credentials = get_credential(tenant_id)

    mgmt_groups_api = ManagementGroupsAPI(credentials)
    entities = mgmt_groups_api.entities.list()
    entity_infos = [entity for entity in entities]
    entity_names = [entity.display_name for entity in entity_infos]
    print(f'    entities: {entity_names}')


def get_tenants():
    credentials = get_credential()
    sub_client = SubscriptionClient(credentials)
    tenants = sub_client.tenants.list()
    return tenants


def main():
    tenants = get_tenants()

    i = 0
    print('[tenant list]')
    for tenant in tenants:
        print(f'tenant {i}:')
        print(f'    name:     {tenant.display_name}')
        print(f'    id:       {tenant.tenant_id}')
        get_entities(tenant.tenant_id)
        print()
        i = i + 1


if __name__ == '__main__':
    main()

Output

[tenant list]
tenant 0:
    name:     tenant1
    id:       00000000-0000-0000-0000-000000000000
    entities: ['Tenant Root Group', 'group A', 'subGroup B', 'Microsoft Partner Network', 'subscription 2']

tenant 1:
    name:     tenant2
    id:       00000000-0000-0000-0000-000000000000
    entities: ['Tenant Root Group', 'subscription 3']

Answered by someone on December 13, 2021

I think @juunas's comment is correct, you need to specify the tenant when you use the credential.

I think the problem becomes 'how to get a list of AAD tenant IDs'.

You could use this REST API - Tenants - List to get the tenants for your account.

GET https://management.azure.com/tenants?api-version=2020-01-01

After getting the tenant ID, specify the tenant in the user credential. Make sure you use a work account without MFA (an organization account, not a personal account); the user credential uses the ROPC flow, which will not work with a personal account.

Answered by Joy Wang on December 13, 2021
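
The Tenants - List call from the answer above, as an added example that is not part of the original answers: it follows `nextLink` pages and refuses to send the bearer token to any host other than management.azure.com. The token, the `get_json` transport hook, `max_pages`, `fake_get_json` and the sample pages with placeholder GUIDs are assumptions made for illustration.

```python
import json
from urllib.parse import urlparse
from urllib.request import Request, urlopen

TENANTS_URL = "https://management.azure.com/tenants?api-version=2020-01-01"
ARM_HOST = "management.azure.com"


def http_get_json(url, token):
    """Real transport: GET with a bearer token (acquiring the token is out of scope)."""
    req = Request(url, headers={"Authorization": f"Bearer {token}"})
    with urlopen(req, timeout=30) as resp:
        return json.load(resp)


def list_tenant_ids(token, get_json=http_get_json, max_pages=50):
    """Return every tenantId the token can see, following nextLink pages."""
    url, tenant_ids = TENANTS_URL, []
    for _ in range(max_pages):
        parts = urlparse(url)
        # Never send the bearer token anywhere but ARM over HTTPS.
        if parts.scheme != "https" or parts.hostname != ARM_HOST:
            raise ValueError(f"refusing to follow link to {url!r}")
        page = get_json(url, token)
        tenant_ids += [item["tenantId"] for item in page.get("value", [])]
        url = page.get("nextLink")
        if not url:
            return tenant_ids
    raise RuntimeError("nextLink chain exceeded max_pages")


# Constructed sample pages with placeholder GUIDs, standing in for live responses.
T1, T2 = "11111111-1111-1111-1111-111111111111", "22222222-2222-2222-2222-222222222222"
PAGE2_URL = TENANTS_URL + "&$skiptoken=constructed"
SAMPLE_PAGES = {
    TENANTS_URL: {"value": [{"id": f"/tenants/{T1}", "tenantId": T1}], "nextLink": PAGE2_URL},
    PAGE2_URL: {"value": [{"id": f"/tenants/{T2}", "tenantId": T2}]},
}


def fake_get_json(url, token):
    """Hypothetical offline transport used only to exercise the paging logic."""
    return SAMPLE_PAGES[url]


if __name__ == "__main__":
    # Each id would then be passed as tenant= to the credential, as in the answers above.
    print(list_tenant_ids("constructed-token", fake_get_json))
```

Each returned ID is what the answers above pass as `tenant=` when building the per-tenant credential.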
