Get-xAzDoProjectPermissionList

1.2

Get-xAzDoProjectPermissionList.ps1

                                
<#PSScriptInfo

.VERSION 1.2

.GUID 894d99d5-ef22-4ad3-b21d-b4af5b267fe9

.AUTHOR Chendrayan Venkatesan

.COMPANYNAME Free Lancer

.COPYRIGHT

.TAGS

.LICENSEURI

.PROJECTURI

.ICONURI

.EXTERNALMODULEDEPENDENCIES 

.REQUIREDSCRIPTS

.EXTERNALSCRIPTDEPENDENCIES

.RELEASENOTES

.PRIVATEDATA

#>

<# 

.DESCRIPTION 

 A PowerShell script to retrieve Azure DevOps Project Permissions 

#> 

param (

    $PAT,

    $Organization

)

#region

$UserCollection = @()

$ResultCollection = @()

#endregion

#region - Retrieve User Collection

$PATGetBytes = [System.Text.Encoding]::ASCII.GetBytes(":$PAT")

$Authentication = [System.Convert]::ToBase64String($PATGetBytes)

$Headers = @{Authorization = ("Basic {0}" -f $Authentication) }

do {

    $Uri = "https://$($Organization).vsaex.visualstudio.com/_apis/UserEntitlements?continuationToken=$ContinuationToken"

    $UserCollection += (Invoke-RestMethod -Uri $Uri -Headers $Headers).members

    $ContinuationToken = $UserCollection.continuationToken

} while ($null -eq $ContinuationToken)

#endregion 

#region - Retrieve Permission List

foreach ($Identity in $UserCollection.user) {

    $MemberDescriptor = (Invoke-RestMethod -Uri "https://$($Organization).vssps.visualstudio.com/_apis/Graph/Memberships/$($Identity.descriptor)" -Headers $Headers).value

    foreach ($Member in $MemberDescriptor) {

        $Body = [pscustomobject]@{

            lookupkeys = @([pscustomobject]@{

                    descriptor = $Member.containerDescriptor

                })

        } | ConvertTo-Json

        $Subjectlookup = (Invoke-RestMethod -Uri "https://vssps.dev.azure.com/$($Organization)/_apis/graph/subjectlookup?api-version=6.0-preview.1" -Method Post -Body $($Body) -Headers $Headers -ContentType 'application/json')

        $Groups = (($subjectlookup.value | Get-Member -MemberType NoteProperty).Name)

        foreach ($Group in $Groups) {

            $ResultCollection += [PSCustomObject]@{

                PrincipalName = $Identity.principalName

                DisplayName   = $Identity.displayName

                ProjectName   = $($Subjectlookup.value.$($Group).principalName -split '\\')[0] -replace '\[' , '' -replace '\]' , ''

                GroupName     = $($Subjectlookup.value.$($Group).principalName -split '\\')[1]

            }

        }

    }

}

$ResultCollection

#endregion