Looking for rest api to retrieve user entitlements on on-premise azure devops

Question

I am automating a couple of processes on an on-premise azure devops environment and I am looking for rest apis that would allow me retrieve user entitlements from the azure devops server.

Try checking this [documentation here](https://learn.microsoft.com/en-us/rest/api/azure/devops/memberEntitlementManagement/User%20Entitlements/Get%20User%20Entitlements?view=azure-devops-rest-5.1), if you haven't already. Please add specific details if you are seeing issue even after following it. — Thimmu Lanka, Jul 14 '20 at 01:47

Andy Li-MSFT · Answer 1 · 2020-07-14T08:36:09.800

Currently there isn't such a REST API to retrieve user entitlements for on-premise Azure DevOps server.

However as a workaround we can retrieve all the users using the client API from a specific collection: (Need to install Microsoft.TeamFoundationServer.ExtendedClient)

using System;
using Microsoft.TeamFoundation.Client;
using Microsoft.TeamFoundation.Framework.Client;
using Microsoft.TeamFoundation.Framework.Common;
using System.Linq;
using System.IO;

namespace Getuserlist

{

    class Program

    {
        static void Main(string[] args)

        {

            TfsConfigurationServer tcs = new TfsConfigurationServer(new Uri("https://wsicads2019"));

            IIdentityManagementService ims = tcs.GetService<IIdentityManagementService>();

            TeamFoundationIdentity tfi = ims.ReadIdentity(IdentitySearchFactor.AccountName, "[DefaultCollection]\\Project Collection Valid Users", MembershipQuery.Expanded, ReadIdentityOptions.None);

            TeamFoundationIdentity[] ids = ims.ReadIdentities(tfi.Members, MembershipQuery.None, ReadIdentityOptions.None);

            using (StreamWriter file = new StreamWriter("userlist.txt"))

                foreach (TeamFoundationIdentity id in ids)

                {
                    if (id.Descriptor.IdentityType == "System.Security.Principal.WindowsIdentity")

                    { Console.WriteLine("[{0},{1}]", id.UniqueName); }

                    file.WriteLine("[{0},{1}]", id.UniqueName);
                }

            var count = ids.Count(x => ids.Contains(x));
            Console.WriteLine(count);
            Console.ReadLine();
        }
    }
}

Alternately run TFSSecurity command from Developer command prompt on Client or run on Azure DevOps Server Application Tier to get list of all users and groups:

tfssecurity /imx all: /server:http://server:8080/tfs

For access levels we can call the following REST APIs to get the corresponding users: (Tested on Azure DevOps 2019)

Stakeholder : 
http://server:8080/tfs/_api/_identity/ReadLicenseUsers?__v=5&licenseTypeId=242a857e-50ce-43d9-ba9f-3aa82457d726

Basic : 
http://server:8080/tfs/_api/_identity/ReadLicenseUsers?__v=5&licenseTypeId=8b71784c-27ab-4490-bb97-e699ed4123e1

Basic + Test Plans : 
http://server:8080/tfs/_api/_identity/ReadLicenseUsers?__v=5&licenseTypeId=f29e17f1-60bd-44f0-ab2f-d67207ee9484

VS Enterprise : 
http://server:8080/tfs/_api/_identity/ReadLicenseUsers?__v=5&licenseTypeId=519a4528-2bd6-4ea4-b3cb-5440c1aaebc3

@OkoronkwoAlfredChinedu Have you resolved the issue by following the workaround? Any update here? — Andy Li-MSFT, Jul 21 '20 at 02:24

Looking for rest api to retrieve user entitlements on on-premise azure devops

1 Answers1