Export the members of a project level group from all the projects in an Azure DevOps


How many project administrators do you have on an average per project? Though there is no real mandate or best practice on the number, I think you don’t want too many people with project admin privileges. This could also be an auditing question to figure out who can do what. Same can be the case with Build and Release admin group, other default groups or any of the custom security groups that you may have created at the project level.

If you are trying to export such a list, here is a script that can help you.
You can provide any project level group as the input to the script, and it will export a list containing the members of the group, across all the projects in your organization to a csv file.  The script lists both users and groups that are members of the group given as input, but do not expand groups further.
You can then filter by project to look at the details of individual projects.

How to run the script:

  1. The script takes three parameters:
    • Name of the Azure DevOps organization.
    • PAT token with collection level permissions.
    • Name of the project level group. If you need to export the project admin list, give "Project Administrators" as the group name. The complete name of a project level group will be [ProjectName]\GroupName, you just have to provide GroupName as the input.

  1. Invoke the script with the above parameters. If the provided group name exists in at least one project in the organization, as csv file will be generated at the same location from where you are running the script.


Hope this helps!




Comments

Post a Comment

Popular posts from this blog

Azure DevOps - getting project stats for all projects

Image
If you have quite a lot of projects in your Azure DevOps organization and is looking for a way to filter the inactive projects out, that’s what   we will discuss today.   This is going to be based on the data the we see in the "Project stats" section on the landing page of an ADO project. This data gets fetched using the   "Contribution/HierarchyQuery/project" REST Api, which for some reason doesn't seem to be documented. So we may have to keep an eye out for any changes.   The apis lets you get project stats like: Work Items : created and updated Repos : Commits pushed with the number of authors, PRs created and completed the range can be specified, and accepts a maximum value of 30 days. If you use TFVC, that data is also returned - like the number of changesets and authors. I am not using it for the calculation here as we don't use TFVC.  You can also get the metrics for builds and releases - j ust in case you are interested, the...
Read more

Do you really need so many Basic + Test Plans licenses?

Planning to discuss another cost saving opportunity in Azure DevOps in this post.   You can find the number of Basic + Test Plans licenses you are currently consuming by looking at the summary from the users page under org settings in Azure DevOps, or by hitting the User Entitlement Summary API. Multiply the number by $52 to get your monthly spend for this license type.   The below article has a comparison of the activities that can be performed with Basic vs Basic + Test Plans licenses: https://docs.microsoft.com/en-us/azure/devops/test/manual-test-permissions?view=azure-devops#license-requirements   This is a short summary of the comparison: Basic + Test Plans  Basic  Create test cases from the  Define  tab inside Azure Test Plans.    Create test cases (but not from  Define  tab in Azure Test Plans.  ...
Read more

Managing user licenses and cost for Azure DevOps.

Image
User licenses contribute to a major share of the cost for Azure DevOps services. In this post we will focus mainly on user licenses and some tips for managing them efficiently. Managing the cost associated with other paid services for Azure DevOps will be covered in a separate post. If you are part of the Azure DevOps admin team of your organization, you should be having an idea about the monthly / annual spend for Azure DevOps. The user who sets up billing for Azure DevOps services needs to have permissions at the subscription level, as explained in this article -  Add a user who can set up billing for Azure DevOps . Often what happens is, setting up billing for Azure DevOps is done by someone who has more privileges in Azure - like a subscription admin. However once the subscription is linked, an ADO collection admin can then add people and assign them licenses.  It is also possible that the ADO admin doesn't get a copy of the bill, thereby blocking the visibili...
Read more