If you assign a role in Azure and later delete the identity before you delete the role assignment, you wind up with an "Identity not found." condition. It's harmless, but it takes up a role assignment slot and clutters the role assignments list. I would like to find and delete these.
I am thinking that this:
Get-AzRoleAssignment | Where-Object -Property DisplayName -eq $null
...will get me those roles without an associated identity, and it seems to work, but the Azure docs don't really create much of an assurance that this will cover all cases.
Should I add something else to this? Or is there a better way of finding these role assignments?
CodePudding user response:
Turns out this is the way to identify these orphaned role assignments, albeit indirectly.
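An added example, not part of the original question or answer: a stricter version of the filter that requires both an empty DisplayName and an ObjectType of 'Unknown', and refuses to report anything when every assignment looks orphaned. The function name, the sample objects and the guard are assumptions; the guard assumes that an account without directory read access sees every principal as unresolved.

```powershell
# Added example; Find-OrphanedRoleAssignment is a hypothetical helper name.
function Find-OrphanedRoleAssignment {
    [CmdletBinding()]
    param(
        # Objects shaped like the output of Get-AzRoleAssignment.
        [Parameter(Mandatory)] [object[]] $Assignment
    )
    # Require both signals before calling an assignment orphaned:
    # no resolvable display name AND a principal type of 'Unknown'.
    $candidates = @($Assignment | Where-Object {
        [string]::IsNullOrEmpty($_.DisplayName) -and $_.ObjectType -eq 'Unknown'
    })
    # Guard (assumption): if nothing resolves at all, the caller probably
    # cannot read the directory, so the result is not trustworthy.
    if ($Assignment.Count -gt 1 -and $candidates.Count -eq $Assignment.Count) {
        throw 'Every assignment is unresolved; check directory read permissions.'
    }
    $candidates | Select-Object RoleAssignmentId, ObjectId, RoleDefinitionName, Scope
}

# Constructed sample input; IDs and scopes are placeholders, not real values.
$sample = @(
    [pscustomobject]@{
        RoleAssignmentId = '/subscriptions/<sub-id>/providers/Microsoft.Authorization/roleAssignments/<ra-1>'
        ObjectId = '<object-id-1>'; DisplayName = 'app-deploy'; ObjectType = 'ServicePrincipal'
        RoleDefinitionName = 'Contributor'; Scope = '/subscriptions/<sub-id>'
    }
    [pscustomobject]@{
        RoleAssignmentId = '/subscriptions/<sub-id>/providers/Microsoft.Authorization/roleAssignments/<ra-2>'
        ObjectId = '<object-id-2>'; DisplayName = $null; ObjectType = 'Unknown'
        RoleDefinitionName = 'Reader'; Scope = '/subscriptions/<sub-id>/resourceGroups/<rg>'
    }
)

# Offline run: returns only the second (unresolved) assignment.
Find-OrphanedRoleAssignment -Assignment $sample | Format-List

# Live use (needs Az.Resources and a signed-in context):
#   $orphans = Find-OrphanedRoleAssignment -Assignment (Get-AzRoleAssignment)
# After reviewing the list, remove each one explicitly:
#   $orphans | ForEach-Object {
#       Remove-AzRoleAssignment -ObjectId $_.ObjectId `
#           -RoleDefinitionName $_.RoleDefinitionName -Scope $_.Scope
#   }
```

Export the returned list before removing anything, so there is a record of the role and scope each deleted principal held.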