[Request]: Add Get-AdoMembership list support

[msc365admin]

Is there an existing issue for this?

• I have searched the existing issues

Azure.DevOps.PSModule version

0.4.1

Related function

Get-AdoMembership

Use case

As a DevOps Engineer
I want to retrieve all memberships for a given subject (user or group)
So that I can quickly see all groups/containers a subject belongs to without querying each relationship individually

Notes
Currently, Get-AdoMembership only supports querying a specific membership relationship between a subject and a container (requires both descriptors). The Azure DevOps REST API supports listing all memberships for a subject without specifying a container.

This would be useful for:

• Auditing user or group memberships
• Discovering all groups a user belongs to
• Understanding group hierarchies and relationships
• Troubleshooting permission issues

Proposed solution

Extend the existing Get-AdoMembership cmdlet with a new parameter set that accepts only the SubjectDescriptor parameter.

API Endpoint:

GET https://vssps.dev.azure.com/{organization}/_apis/graph/
    memberships/{subjectDescriptor}?api-version=7.1-preview.1

Reference:

https://learn.microsoft.com/en-us/rest/api/azure/devops/graph/memberships/list

Proposed Implementation:

function Get-AdoMembership {
    [CmdletBinding(DefaultParameterSetName = 'List')]
    param (
        [Parameter(ValueFromPipelineByPropertyName)]
        [string]$CollectionUri = $env:DefaultAdoCollectionUri,

        [Parameter(Mandatory, ValueFromPipelineByPropertyName, ValueFromPipeline)]
        [string[]]$SubjectDescriptor,

        [Parameter(Mandatory, ParameterSetName = 'Get', ValueFromPipelineByPropertyName)]
        [string]$ContainerDescriptor,

        [Parameter(ParameterSetName = 'List')]
        [ValidateSet('up', 'down')]
        [string]$Direction,

        [Parameter()]
        [string]$Version = '7.1-preview.1'
    )
    # Implementation
}

Example Usage:

# Get specific membership relationship (existing functionality)
Get-AdoMembership `
    -SubjectDescriptor 'aad.00000000-0000-0000-0000-000000000000' `
    -ContainerDescriptor 'vssgp.00000000-0000-0000-0000-000000000001'

# List all memberships for a user (new functionality)
Get-AdoMembership `
    -SubjectDescriptor 'aad.00000000-0000-0000-0000-000000000000'

# List all parent groups (up direction)
Get-AdoMembership `
    -SubjectDescriptor 'vssgp.00000000-0000-0000-0000-000000000001' `
    -Direction 'up'

# List all child members (down direction)
Get-AdoMembership `
    -SubjectDescriptor 'vssgp.00000000-0000-0000-0000-000000000001' `
    -Direction 'down'

# Pipeline support
$users | Get-AdoMembership

Output Format:

@{
    memberDescriptor    = 'aad.00000000-0000-0000-0000-000000000000'
    containerDescriptor = 'vssgp.00000000-0000-0000-0000-000000000001'
    collectionUri       = 'https://vssps.dev.azure.com/my-org'
}