Get-MgDirectoryRole

Module:

Microsoft.Graph.Identity.DirectoryManagement Module

Retrieve the properties of a directoryRole object. The role must be activated in tenant for a successful response. You can use both the object ID and template ID of the directoryRole with this API. The template ID of a built-in role is immutable and can be seen in the role description on the Microsoft Entra admin center. For details, see Role template IDs.

Get-MgDirectoryRole
 [-ExpandProperty <string[]>]
 [-Property <string[]>]
 [-Filter <string>]
 [-Search <string>]
 [-Skip <int>]
 [-Sort <string[]>]
 [-Top <int>]
 [-ResponseHeadersVariable <string>]
 [-Break]
 [-Headers <IDictionary>]
 [-HttpPipelineAppend <SendAsyncStep[]>]
 [-HttpPipelinePrepend <SendAsyncStep[]>]
 [-Proxy <uri>]
 [-ProxyCredential <pscredential>]
 [-ProxyUseDefaultCredentials]
 [-PageSize <int>]
 [-All]
 [-CountVariable <string>]
 [<CommonParameters>]

Get-MgDirectoryRole
 -DirectoryRoleId <string>
 [-ExpandProperty <string[]>]
 [-Property <string[]>]
 [-ResponseHeadersVariable <string>]
 [-Break]
 [-Headers <IDictionary>]
 [-HttpPipelineAppend <SendAsyncStep[]>]
 [-HttpPipelinePrepend <SendAsyncStep[]>]
 [-Proxy <uri>]
 [-ProxyCredential <pscredential>]
 [-ProxyUseDefaultCredentials]
 [<CommonParameters>]

Get-MgDirectoryRole
 -InputObject <IIdentityDirectoryManagementIdentity>
 [-ExpandProperty <string[]>]
 [-Property <string[]>]
 [-ResponseHeadersVariable <string>]
 [-Break]
 [-Headers <IDictionary>]
 [-HttpPipelineAppend <SendAsyncStep[]>]
 [-HttpPipelinePrepend <SendAsyncStep[]>]
 [-Proxy <uri>]
 [-ProxyCredential <pscredential>]
 [-ProxyUseDefaultCredentials]
 [<CommonParameters>]

Retrieve the properties of a directoryRole object. The role must be activated in tenant for a successful response. You can use both the object ID and template ID of the directoryRole with this API. The template ID of a built-in role is immutable and can be seen in the role description on the Microsoft Entra admin center. For details, see Role template IDs.

Permissions

Get-MgDirectoryRole | Format-List

DeletedDateTime :
Description : Can read basic directory information. Commonly used to grant directory read access to
 applications and guests.
DisplayName : Directory Readers
Id : 86596a70-0099-457d-8c89-1f5085b395ca
Members :
RoleTemplateId : 88d8e3e3-8f55-4a1e-953a-9b9898b8876b
ScopedMembers :
AdditionalProperties : {}

This examples gets all the available directory roles.

Get-MgDirectoryRole -DirectoryRoleId '86596a70-0099-457d-8c89-1f5085b395ca' |
 Format-List

DeletedDateTime :
Description : Can read basic directory information. Commonly used to grant directory read access to
 applications and guests.
DisplayName : Directory Readers
Id : 86596a70-0099-457d-8c89-1f5085b395ca
Members :
RoleTemplateId : 88d8e3e3-8f55-4a1e-953a-9b9898b8876b
ScopedMembers :
AdditionalProperties : {[@odata.context, https://graph.microsoft.com/v1.0/$metadata#directoryRoles/$entity]}

This example gets the directory role based on the specified Id.

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

{{ Fill in the Description }}

{{ Fill in the Description }}

{{ Fill in the Description }}

COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

INPUTOBJECT <IIdentityDirectoryManagementIdentity>: Identity Parameter [AdministrativeUnitId <String>]: The unique identifier of administrativeUnit [AllowedValueId <String>]: The unique identifier of allowedValue [AttributeSetId <String>]: The unique identifier of attributeSet [CertificateAuthorityDetailId <String>]: The unique identifier of certificateAuthorityDetail [CertificateBasedAuthPkiId <String>]: The unique identifier of certificateBasedAuthPki [CommerceSubscriptionId <String>]: Alternate key of companySubscription [CompanySubscriptionId <String>]: The unique identifier of companySubscription [ContractId <String>]: The unique identifier of contract [CustomSecurityAttributeDefinitionId <String>]: The unique identifier of customSecurityAttributeDefinition [DeviceId <String>]: The unique identifier of device [DeviceLocalCredentialInfoId <String>]: The unique identifier of deviceLocalCredentialInfo [DirectoryObjectId <String>]: The unique identifier of directoryObject [DirectoryRoleId <String>]: The unique identifier of directoryRole [DirectoryRoleTemplateId <String>]: The unique identifier of directoryRoleTemplate [DomainDnsRecordId <String>]: The unique identifier of domainDnsRecord [DomainId <String>]: The unique identifier of domain [DomainName <String>]: Usage: domainName='{domainName}' [ExtensionId <String>]: The unique identifier of extension [IdentityProviderBaseId <String>]: The unique identifier of identityProviderBase [InternalDomainFederationId <String>]: The unique identifier of internalDomainFederation [OnPremisesDirectorySynchronizationId <String>]: The unique identifier of onPremisesDirectorySynchronization [OrgContactId <String>]: The unique identifier of orgContact [OrganizationId <String>]: The unique identifier of organization [OrganizationalBrandingLocalizationId <String>]: The unique identifier of organizationalBrandingLocalization [ProfileCardPropertyId <String>]: The unique identifier of profileCardProperty [RoleTemplateId <String>]: Alternate key of directoryRole [ScopedRoleMembershipId <String>]: The unique identifier of scopedRoleMembership [SubscribedSkuId <String>]: The unique identifier of subscribedSku [TenantId <String>]: Usage: tenantId='{tenantId}' [UserId <String>]: The unique identifier of user