Do you have an idea or suggestion based on your experience with Azure Management Groups?

AzManagementGroupSubscription needs Get/Delete verbs

Description of the new feature
Az.Resource currently implements a NEW verb for adding a sub to an MG. The corresponding GET/DELETE verbs have not been implemented.

Get
The azManagementGroup stuff allow for retrieving a tree of your MG and subs. Finding where a Sub in the tree is currently has no native code. You have to retrieve the entire tree and recursively search for where the sub is assigned.

Delete
Currently the only way to remove a Sub from an MG is to re-parent it to its new location or the "Tenant Root Group" MG. Since once MG's are turned on, this new DELETE should move any sub's back up to the root. New-AzManagementGroupSubscription should not move a sub unless a -Force parameter is specified

Proposed implementation details (optional)
I'm currently using this code to search for a Sub in the MG tree:

[CmdletBinding()]
Param
(
[String] $TenantID,
[string] $SubscriptionID
)

Function FindSubInMGChildren {
[CmdletBinding()]
Param
(
[Object] $MG,
[string] $SubID
)
#MG is a MG Object with populated children
Write-Verbose " Evaluating $($MG.DisplayName) "

#No children in this MG
If ($MG.Children -eq $null) {
Write-Verbose " $($MG.DisplayName) has no children"
Return $null
}

#loop through all children, look for type = '/subscriptions' and name = subID
foreach($child in $MG.Children) {
if ($Child.Type -eq '/subscriptions' -and $child.Name -eq $subID) {
Write-Verbose " Sub $subID found as child in $($MG.DisplayName)"

#Found
Return $MG
}
#Recurse
if ($Child.Type -eq '/providers/Microsoft.Management/managementGroups') {
$Results = FindSubInMGChildren -MG $child -subID $SubID
if ($Results -NE $Null) {
Return $Results
}
}
}
#Not found
Return $null
}

#Root MG is the TenantID - note you have to use EXPAND
$MGTree = Get-AzManagementGroup -GroupName $tenantID -Recurse -Expand

$FoundMG = FindSubInMGChildren -mg $MGTree -subID $SubscriptionID
if ($FoundMG) {
Write-Host "found sub '$SubscriptionID' in MG: '$($FoundMG.DisplayName)'"
} else {
Write-Host "Sub '$subID' Not found"
}

From: https://github.com/Azure/azure-powershell/issues/9159#event-2334028647

1 vote
Sign in
(thinking…)
Sign in with: oidc
Signed in as (Sign out)

We’ll send you updates on this idea

AdminManagement Group Team (Product Manager, Microsoft Azure) shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

0 comments

Sign in
(thinking…)
Sign in with: oidc
Signed in as (Sign out)
Submitting...

Feedback and Knowledge Base