Azure PowerShell Reference

Comprehensive documentation for Azure cmdlets

Azure AD Role Cmdlets

Manage role assignments and definitions within Azure Active Directory using PowerShell. These cmdlets help you control access to Azure resources and applications by assigning roles to users, groups, and service principals.

Overview

Azure Active Directory (Azure AD) roles provide a way to manage permissions and access control for your Azure resources. The Azure AD PowerShell module offers a robust set of cmdlets to programmatically manage these roles. You can use these cmdlets to:

  • View available roles and their permissions.
  • Assign roles to users, groups, and service principals.
  • Remove role assignments.
  • Manage custom roles.
  • Audit role assignments.

These cmdlets are part of the Azure AD PowerShell module.

Common Cmdlets

Get-AzureADDirectoryRole

Retrieves directory roles in Azure AD.

Example: Get-AzureADDirectoryRole -Filter "DisplayName eq 'Global Administrator'"

Get-AzureADDirectoryRoleMember

Retrieves members of a directory role.

Example: Get-AzureADDirectoryRoleMember -ObjectId "your_role_id"

New-AzureADDirectoryRole

Creates a new directory role in Azure AD.

Example: New-AzureADDirectoryRole -DisplayName "Custom Role" -Description "My custom role"

Add-AzureADDirectoryRoleMember

Adds a member to a directory role.

Example: Add-AzureADDirectoryRoleMember -ObjectId "your_role_id" -RefObjectId "user_object_id"

Remove-AzureADDirectoryRoleMember

Removes a member from a directory role.

Example: Remove-AzureADDirectoryRoleMember -ObjectId "your_role_id" -MemberId "member_object_id"

Get-AzureADAdministrativeUnitRoleMember

Retrieves members of a role within an administrative unit.

Example: Get-AzureADAdministrativeUnitRoleMember -ObjectId "admin_unit_id" -RoleObjectId "role_id"

New-AzureADAdministrativeUnitRole

Creates a role assignment within an administrative unit.

Example: New-AzureADAdministrativeUnitRole -AdministrativeUnitObjectId "admin_unit_id" -RoleTemplateId "role_template_id" -ObjectId "user_object_id"

Prerequisites

To use these cmdlets, you need to:

  1. Install the Azure AD PowerShell module:
       Install-Module AzureAD
  2. Connect to Azure AD:
       Connect-AzureAD
  3. Ensure you have the necessary permissions in Azure AD to manage roles.
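
The "Audit role assignments" task from the overview, as an added example that is not part of the original reference: it combines Get-AzureADDirectoryRole and Get-AzureADDirectoryRoleMember into a report and compares it with a saved baseline to surface new assignments. The function name, the CSV file names and the privileged-role list are assumptions made for illustration, and an existing Connect-AzureAD session is assumed.

```powershell
# Added example: report every member of every activated directory role.
function Get-DirectoryRoleAudit {
    [CmdletBinding()]
    param(
        # Role display names treated as high-privilege (assumed list; adjust to policy).
        [string[]]$PrivilegedRoleName = @('Global Administrator')
    )
    # Get-AzureADDirectoryRole returns only roles that have been activated in the tenant.
    foreach ($role in Get-AzureADDirectoryRole) {
        $members = @(Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId)
        foreach ($m in $members) {
            [pscustomobject]@{
                Role         = $role.DisplayName
                RoleObjectId = $role.ObjectId
                Privileged   = $PrivilegedRoleName -contains $role.DisplayName
                MemberType   = $m.ObjectType          # User, ServicePrincipal, Group
                Member       = $m.DisplayName
                UPN          = $m.UserPrincipalName   # empty for non-user members
                MemberId     = $m.ObjectId
            }
        }
    }
}

$report = @(Get-DirectoryRoleAudit)
$report | Sort-Object Role, Member |
    Export-Csv -Path .\role-audit.csv -NoTypeInformation

# Review point 1: non-user principals holding a privileged role.
$report | Where-Object { $_.Privileged -and $_.MemberType -ne 'User' } |
    Format-Table Role, MemberType, Member, MemberId

# Review point 2: member count per role, largest first.
$report | Group-Object Role | Sort-Object Count -Descending |
    Select-Object Name, Count

# Review point 3: assignments that are absent from a previously saved baseline.
$baselinePath = '.\role-audit-baseline.csv'   # hypothetical file name
if (Test-Path $baselinePath) {
    $baseline = @(Import-Csv -Path $baselinePath)
    Compare-Object -ReferenceObject $baseline -DifferenceObject $report `
        -Property RoleObjectId, MemberId -PassThru |
        Where-Object { $_.SideIndicator -eq '=>' } |
        Format-Table Role, MemberType, Member, MemberId
}
```

Copy role-audit.csv to the baseline file after a reviewed run so the next run reports only assignments added since then.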
