Merge pull request #200469 from rolyon/rolyon-rbac-cli-object-id

PRMerger19 · web-flow · commit 260d04aca05f · 2022-06-03T14:38:32.000-07:00
[Azure RBAC] CLI object id updates
diff --git a/articles/role-based-access-control/role-assignments-cli.md b/articles/role-based-access-control/role-assignments-cli.md
@@ -7,7 +7,7 @@ manager: karenhoran
 ms.service: role-based-access-control
 ms.topic: how-to
 ms.workload: identity
-ms.date: 09/28/2020
+ms.date: 06/03/2022
 ms.author: rolyon
 ms.custom: contperf-fy21q1, devx-track-azurecli
 ---
@@ -35,23 +35,23 @@ You can assign a role to a user, group, service principal, or managed identity.
 For an Azure AD user, get the user principal name, such as *patlong\@contoso.com* or the user object ID. To get the object ID, you can use [az ad user show](/cli/azure/ad/user#az-ad-user-show).
 
 ```azurecli
-az ad user show --id "{principalName}" --query "objectId" --output tsv
+az ad user show --id "{principalName}" --query "id" --output tsv
 ```
 
 **Group**
 
 For an Azure AD group, you need the group object ID. To get the object ID, you can use [az ad group show](/cli/azure/ad/group#az-ad-group-show) or [az ad group list](/cli/azure/ad/group#az-ad-group-list).
 
 ```azurecli
-az ad group show --group "{groupName}" --query "objectId" --output tsv
+az ad group show --group "{groupName}" --query "id" --output tsv
 ```
 
 **Service principal**
 
 For an Azure AD service principal (identity used by an application), you need the service principal object ID. To get the object ID, you can use [az ad sp list](/cli/azure/ad/sp#az-ad-sp-list). For a service principal, use the object ID and **not** the application ID.
 
 ```azurecli
-az ad sp list --all --query "[].{displayName:displayName, objectId:objectId}" --output tsv
+az ad sp list --all --query "[].{displayName:displayName, id:id}" --output tsv
 az ad sp list --display-name "{displayName}"
 ```
 
diff --git a/articles/role-based-access-control/role-assignments-list-cli.md b/articles/role-based-access-control/role-assignments-list-cli.md
@@ -10,7 +10,7 @@ ms.service: role-based-access-control
 ms.topic: how-to
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 10/30/2020
+ms.date: 06/03/2022
 ms.author: rolyon
 ms.reviewer: bagovind
 ---
@@ -161,13 +161,13 @@ az role assignment list --scope /providers/Microsoft.Management/managementGroups
     To get the principal ID of a user-assigned managed identity, you can use [az ad sp list](/cli/azure/ad/sp#az-ad-sp-list) or [az identity list](/cli/azure/identity#az-identity-list).
 
     ```azurecli
-    az ad sp list --display-name "{name}" --query [].objectId --output tsv
+    az ad sp list --display-name "{name}" --query [].id --output tsv
     ```
 
     To get the principal ID of a system-assigned managed identity, you can use [az ad sp list](/cli/azure/ad/sp#az-ad-sp-list).
 
     ```azurecli
-    az ad sp list --display-name "{vmname}" --query [].objectId --output tsv
+    az ad sp list --display-name "{vmname}" --query [].id --output tsv
     ```
 
 1. To list the role assignments, use [az role assignment list](/cli/azure/role/assignment#az-role-assignment-list).
diff --git a/articles/role-based-access-control/role-assignments-template.md b/articles/role-based-access-control/role-assignments-template.md
@@ -8,7 +8,7 @@ manager: karenhoran
 ms.service: role-based-access-control
 ms.topic: how-to
 ms.workload: identity
-ms.date: 01/21/2021
+ms.date: 06/03/2022
 ms.author: rolyon 
 ms.custom: devx-track-azurepowershell, devx-track-azurecli 
 ms.devlang: azurecli
@@ -34,7 +34,7 @@ $objectid = (Get-AzADUser -DisplayName "{name}").id
 ```
 
 ```azurecli
-objectid=$(az ad user show --id "{email}" --query objectId --output tsv)
+objectid=$(az ad user show --id "{email}" --query id --output tsv)
 ```
 
 ### Group
@@ -46,7 +46,7 @@ $objectid = (Get-AzADGroup -DisplayName "{name}").id
 ```
 
 ```azurecli
-objectid=$(az ad group show --group "{name}" --query objectId --output tsv)
+objectid=$(az ad group show --group "{name}" --query id --output tsv)
 ```
 
 ### Managed identities
@@ -58,7 +58,7 @@ $objectid = (Get-AzADServicePrincipal -DisplayName <Azure resource name>).id
 ```
 
 ```azurecli
-objectid=$(az ad sp list --display-name <Azure resource name> --query [].objectId --output tsv)
+objectid=$(az ad sp list --display-name <Azure resource name> --query [].id --output tsv)
 ```
 
 ### Application
@@ -70,7 +70,7 @@ $objectid = (Get-AzADServicePrincipal -DisplayName "{name}").id
 ```
 
 ```azurecli
-objectid=$(az ad sp list --display-name "{name}" --query [].objectId --output tsv)
+objectid=$(az ad sp list --display-name "{name}" --query [].id --output tsv)
 ```
 
 ## Assign an Azure role
