I would like to do a validation of members who have an "Active assignment" role in Azure AD. Is there a way to know if the role was granted by a group or directly? How could I get the information into my script? Thank you for your help
Connect-AzureAD
# List every activated directory role, then print each role's members
$roles = Get-AzureADDirectoryRole | select objectid, displayname
ForEach($role in $roles){
    Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId | select @{n="Azure role";e={$role.DisplayName}}, displayname
}
CodePudding user response:
You found the easiest solution using PowerShell. I checked with MS Graph; it is a bit more difficult than PowerShell. I also removed one of the statements from your code, which is not required.
I tested it in my environment and it is working fine for me.
Connect-AzureAD
# Same loop without the intermediate select on $roles
$roles = Get-AzureADDirectoryRole
ForEach($role in $roles){
    Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId | select @{n="Azure role";e={$role.DisplayName}}, displayname
}
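One way to answer the "group or direct" part of the question, as an added example that is not part of the original post or answer: the objects returned by Get-AzureADDirectoryRoleMember carry an ObjectType property, so a member of type Group can be expanded with Get-AzureADGroupMember and its members reported as inherited. The column names AssignedVia and GroupName are chosen here for illustration, and the script assumes the AzureAD module and sufficient read permissions.

```powershell
# Added example: requires the AzureAD module and directory read permissions.
Connect-AzureAD

$report = foreach ($role in Get-AzureADDirectoryRole) {
    foreach ($member in Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId) {
        if ($member.ObjectType -eq 'Group') {
            # The group itself holds the role; expand it one level so each
            # member is listed with the group it inherits the role from.
            foreach ($gm in Get-AzureADGroupMember -ObjectId $member.ObjectId -All $true) {
                [pscustomobject]@{
                    'Azure role' = $role.DisplayName
                    DisplayName  = $gm.DisplayName
                    ObjectId     = $gm.ObjectId
                    ObjectType   = $gm.ObjectType
                    AssignedVia  = 'Group'      # illustrative column name
                    GroupName    = $member.DisplayName
                }
            }
        }
        else {
            # User or service principal assigned to the role directly.
            [pscustomobject]@{
                'Azure role' = $role.DisplayName
                DisplayName  = $member.DisplayName
                ObjectId     = $member.ObjectId
                ObjectType   = $member.ObjectType
                AssignedVia  = 'Direct'
                GroupName    = $null
            }
        }
    }
}

# Full listing, one row per (role, principal, assignment path).
$report | Sort-Object 'Azure role', DisplayName |
    Format-Table 'Azure role', DisplayName, ObjectType, AssignedVia, GroupName -AutoSize

# Principals that hold the same role both directly and through a group:
# removing them from the group alone would not remove the role.
$report | Group-Object 'Azure role', ObjectId |
    Where-Object { @($_.Group.AssignedVia | Select-Object -Unique).Count -gt 1 } |
    ForEach-Object { $_.Group | Select-Object 'Azure role', DisplayName, AssignedVia, GroupName }
```

The report covers only what Get-AzureADDirectoryRoleMember returns for each role, so it reflects the currently listed members of activated roles.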