Get-AzureADServicePrincipal

In this Azure PowerShell article, we will discuss the syntax and usage of the Get-AzureADServicePrincipal PowerShell command with examples of how to use this command.

Get-AzureADServicePrincipal

This PowerShell command helps you retrieve the service principal list from your Azure Active Directory.

Syntax

Below is the syntax of the Get-AzureADServicePrincipal PowerShell command.

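Get-AzureADServicePrincipal [-All <Boolean>] [-Top <Int32>] [-Filter <String>]
Get-AzureADServicePrincipal [-SearchString <String>] [-All <Boolean>]
Get-AzureADServicePrincipal -ObjectId <String> [-All <Boolean>]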

Let’s discuss a few examples of how to use the Get-AzureADServicePrincipal PowerShell command.

Get-AzureADServicePrincipal Examples

Example-1:

Run the command below to get the list of service principals from your Azure Active Directory.

Get-AzureADServicePrincipal

After executing the above command, I got the expected output below.

DeletionTimestamp                  : 
ObjectId                           : 0182eca8-38a2-434b-ac2a-1a26c43f401c
ObjectType                         : ServicePrincipal
AccountEnabled                     : true
AddIns                             : {}
AlternativeNames                   : {}
AppDisplayName                     : Marketplace Reviews
AppId                              : a4c1cdb3-88ab-4d13-bc99-1c46106f0727
AppOwnerTenantId                   : f8cdef31-a31e-4b4a-93e4-5f571e91255a
AppRoleAssignmentRequired          : False
AppRoles                           : {}
DisplayName                        : Marketplace Reviews
ErrorUrl                           : 
Homepage                           : 
KeyCredentials                     : {}
LogoutUrl                          : 
Oauth2Permissions                  : {}
PasswordCredentials                : {}
PreferredTokenSigningKeyThumbprint : 
PublisherName                      : Microsoft Services
ReplyUrls                          : {}
SamlMetadataUrl                    : 
ServicePrincipalNames              : {a4c1cdb3-88ab-4d13-bc99-1c46106f0727}
ServicePrincipalType               : Application
Tags                               : {}


DeletionTimestamp                  : 
ObjectId                           : 01856548-5313-459d-aaca-3e36ad974bc5
ObjectType                         : ServicePrincipal
AccountEnabled                     : true
AddIns                             : {}
AlternativeNames                   : {}
AppDisplayName                     : Azure Virtual Desktop
AppId                              : 9cdead84-a844-4324-93f2-b2e6bb768d07
AppOwnerTenantId                   : f8cdef31-a31e-4b4a-93e4-5f571e91255a
AppRoleAssignmentRequired          : False
AppRoles                           : {class AppRole {
                                       AllowedMemberTypes: 
                                     System.Collections.Generic.List`1[System.String]
                                       Description: Creators can create Windows 
                                     Virtual Desktop Tenants
                                       DisplayName: Tenant.Create
                                       Id: 299dad25-58e3-473d-9733-171fb3034713
                                       IsEnabled: True
                                       Value: Tenant.Create
                                     }
                                     }
DisplayName                        : Azure Virtual Desktop
ErrorUrl                           : 
Homepage                           : 
KeyCredentials                     : {}
LogoutUrl                          : 
Oauth2Permissions                  : {class OAuth2Permission {
                                       AdminConsentDescription: Allow the application 
                                     to access Windows Virtual Desktop on your behalf.
                                       AdminConsentDisplayName: Access Windows 
                                     Virtual Desktop
                                       Id: 1ea0ab9c-b888-476f-aca9-0fc9a53b483a
                                       IsEnabled: True
                                       Type: User
                                       UserConsentDescription: Allow the application 
                                     to access Windows Virtual Desktop on your behalf.
                                       UserConsentDisplayName: Access Windows Virtual 
                                     Desktop
                                       Value: User.Access
                                     }
                                     }
PasswordCredentials                : {}
PreferredTokenSigningKeyThumbprint : 
PublisherName                      : Microsoft Services
ReplyUrls                          : {https://rdbroker.wvd.microsoft.com/aadCallback, 
                                     https://rdweb.wvd.microsoft.com/webclient/index.h
                                     tml, https://rdweb.wvd.microsoft.com/webclient, h
                                     ttps://www.wvd.microsoft.com/webclient/index.html
                                     ...}
SamlMetadataUrl                    : 
ServicePrincipalNames              : {9cdead84-a844-4324-93f2-b2e6bb768d07, 
                                     https://www.wvd.microsoft.com, 
                                     https://www.wvd.azure.us}
ServicePrincipalType               : Application
Tags                               : {disableLegacyUserImpersonationResource, 
                                     disableLegacyUserImpersonationClient}

DeletionTimestamp                  : 
ObjectId                           : 04017fdb-5cfa-42a8-ada9-d6827bff0255
ObjectType                         : ServicePrincipal
AccountEnabled                     : false
AddIns                             : {}
AlternativeNames                   : {}
AppDisplayName                     : ConnectionsService
AppId                              : b7912db9-aa33-4820-9d4f-709830fdd78f
AppOwnerTenantId                   : f8cdef31-a31e-4b4a-93e4-5f571e91255a
AppRoleAssignmentRequired          : False
AppRoles                           : {}
DisplayName                        : ConnectionsService
ErrorUrl                           : 
Homepage                           : 
KeyCredentials                     : {}
LogoutUrl                          : https://api.connections.ms
Oauth2Permissions                  : {class OAuth2Permission {
                                       AdminConsentDescription: Access Connections 
                                     Service Api
                                       AdminConsentDisplayName: Access Connections 
                                     Service Api
                                       Id: 04d2d44f-432b-4f9b-be28-cb651a028099
                                       IsEnabled: True
                                       Type: User
                                       UserConsentDescription: Access Connections 
                                     Service Api
                                       UserConsentDisplayName: Access Connections 
                                     Service Api
                                       Value: user_impersonation
                                     }
                                     }
PasswordCredentials                : {}
PreferredTokenSigningKeyThumbprint : 
PublisherName                      : Microsoft Services
ReplyUrls                          : {https://api.connections.ms}
SamlMetadataUrl                    : 
ServicePrincipalNames              : {b7912db9-aa33-4820-9d4f-709830fdd78f, 
                                     https://api.connections.ms}
ServicePrincipalType               : Application
Tags                               : {}

Note: The above output is trimmed. The full output is too big, so I didn’t add the complete one.

Example-2:

Run the Azure PowerShell commands below to retrieve a single service principal by its Object ID.

Connect-AzureAD -TenantId 5d9d690a-0310-474d-ae8b-42df2d549228
Get-AzureADServicePrincipal -ObjectId 5597888b-c202-4d61-bfbd-1e1993e1b248

After executing the above command, I got the expected output.


Example-3:

Run the PowerShell commands below to retrieve the list of service principals that match a filter condition, here those whose DisplayName starts with 'Connections'.

Connect-AzureAD -TenantId 5d9d690a-0310-474d-ae8b-42df2d549228 
Get-AzureADServicePrincipal -Filter "startswith(DisplayName,'Connections')"

After executing the above PowerShell command, I got the output as expected.
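
The properties in the Example-1 output (AccountEnabled, AppOwnerTenantId, AppRoleAssignmentRequired, KeyCredentials, PasswordCredentials) are the ones a security review of service principals usually starts from. The following is an added example, not code from the original article: the function name Get-ServicePrincipalReview, the finding labels and the sample objects are hypothetical, and it assumes each credential object exposes an EndDate property.

```powershell
# Added example: function name, finding labels and sample objects are hypothetical.
function Get-ServicePrincipalReview {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [object] $ServicePrincipal,
        [Parameter(Mandatory)] [string] $HomeTenantId,
        [int] $ExpiryWarningDays = 30
    )
    begin { $now = (Get-Date).ToUniversalTime() }
    process {
        $sp = $ServicePrincipal
        # AccountEnabled prints as 'true'/'false' in the output, so compare as text.
        $enabled = "$($sp.AccountEnabled)" -eq 'true'
        # Drop $null entries so an empty collection counts as zero credentials.
        $creds = @(@($sp.KeyCredentials) + @($sp.PasswordCredentials) | Where-Object { $_ })
        $live  = @($creds | Where-Object { $_.EndDate -gt $now })
        $soon  = @($live | Where-Object { $_.EndDate -lt $now.AddDays($ExpiryWarningDays) })
        $findings = @()
        if ($sp.AppOwnerTenantId -and $sp.AppOwnerTenantId -ne $HomeTenantId) { $findings += 'OwnedByOtherTenant' }
        # Enabled and usable by every user in the tenant without an explicit assignment.
        if ($enabled -and -not $sp.AppRoleAssignmentRequired) { $findings += 'NoAssignmentRequired' }
        if ($creds.Count -gt $live.Count) { $findings += 'ExpiredCredential' }
        if ($soon.Count -gt 0) { $findings += 'CredentialExpiringSoon' }
        if (-not $enabled -and $live.Count -gt 0) { $findings += 'DisabledWithLiveCredential' }
        [pscustomobject]@{
            DisplayName = $sp.DisplayName
            ObjectId    = $sp.ObjectId
            Enabled     = $enabled
            Credentials = $creds.Count
            Findings    = $findings -join ', '
        }
    }
}
# Constructed sample objects so the function runs without a tenant connection.
$sample = @(
    [pscustomobject]@{ DisplayName = 'Marketplace Reviews'; ObjectId = '0182eca8-38a2-434b-ac2a-1a26c43f401c'
        AccountEnabled = 'true'; AppRoleAssignmentRequired = $false
        AppOwnerTenantId = 'f8cdef31-a31e-4b4a-93e4-5f571e91255a'
        KeyCredentials = @(); PasswordCredentials = @() }
    [pscustomobject]@{ DisplayName = 'Constructed-LegacySync'; ObjectId = '00000000-0000-0000-0000-000000000001'
        AccountEnabled = 'false'; AppRoleAssignmentRequired = $true
        AppOwnerTenantId = '5d9d690a-0310-474d-ae8b-42df2d549228'; KeyCredentials = @()
        PasswordCredentials = @([pscustomobject]@{ KeyId = 'constructed'; EndDate = (Get-Date).ToUniversalTime().AddDays(10) }) }
)
$sample | Get-ServicePrincipalReview -HomeTenantId '5d9d690a-0310-474d-ae8b-42df2d549228' | Format-Table -AutoSize
# Against a live tenant (after Connect-AzureAD); -All $true returns every object:
# Get-AzureADServicePrincipal -All $true | Get-ServicePrincipalReview -HomeTenantId '<tenant-id>'
```

Without -All $true the cmdlet returns only the first page of results, so a tenant-wide review should always pass it.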


Final Thoughts

In this Azure PowerShell article, we discussed the syntax and usage of the Get-AzureADServicePrincipal PowerShell command with examples of how to use this PowerShell command.