Recently, I had to retrieve the Azure AD Object Id of a certain Azure AD Group. Because my script was already intensively leveraging Azure CLI, I used the az ad group list command.
My command used the –query functionality to find the appropriate Azure AD group, based on the display name. It worked perfectly on my local AD, however on my customer’s Azure AD, this took almost 2 minutes.
$AdGroupObjectId = (az ad group list --query "[?displayName == '$AdGroupName'].objectId" --output tsv)
The reason why this took so long, is because the –query logic gets executed client side. So, Azure CLI was returning the full list of Azure AD groups and afterwards, the desired group was selected within the huge result-set. A more performant way to achieve the same result is by leveraging the –filter parameter: this is an OData filter that gets executed server side. As a result, this is the optimal version of the Azure CLI command:
$AdGroupObjectId = (az ad group list --filter "(displayName eq '$AdGroupName')" --query ".objectId" --output tsv)
A special thanks to my colleague Brecht, who shared his findings with me!
Sharing is caring!