Attempting to retrieve Role Assignments through runbook generates “empty” outputs

Daniel Florin Stefan 6 Reputation points
2022-08-19T13:13:57.78+00:00

Hello,

Firstly, here is the context of my problem: I’m trying to use an Automation Account to run a script that will extract information for a couple of subscriptions (active directory Groups, users in those groups, role assignments for those users, the resource groups and resources to which those roles are assigned). I have set up the Automation Account per the instructions here: https://learn.microsoft.com/en-us/azure/active-directory/governance/identity-governance-automation
It also currently has the following API Permissions for Microsoft.Graph: Directory.Read.All, Group.Read.All, RoleManagement.Read.All, RoleManagement.Read.Directory, User.Read.All and they are all application and not delegated permissions. The account also has a "Reader" role assignment for the subscriptions.

The problem is the following: I am having trouble getting a list of role assignments. If I try using Get-MgRoleManagementDirectoryRoleAssignment my output contains only Ids and empty objects for Principal, RoleDefinition, AppScope and DirectoryScope. If I try to use Get-AzRoleAssignment, RoleDefinitionName and Scope seem to display appropriately, but DisplayName and SigninName are again empty and if I try running the command for a specific user ID I get a completely empty output. I can view the active directory groups and users by using Get-MgGroup, Get-MgGroupMember and Get-MgUser and I can also view resource groups and resources using Get-AzResourceGroup and Get-AzResource. Does anyone have any ideas for a solution to this?

Many thanks in advance for the help!


1 answer

  1. JimmySalian-2011 41,926 Reputation points
    2022-08-21T10:13:45.153+00:00

    Hi,

    Thank you for asking this question on the Microsoft Q&A Platform.

    I think this could be extracted via the custom roles and permissions and you can follow this detailed article rbacapplication-post-roleassignments

    Some detailed thread on this roleassignment for reference. - 73091396

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
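
An added example, not part of the question or the answer above: in Microsoft Graph, `Principal` and `RoleDefinition` are relationships of a role assignment and come back empty unless the request expands them, so this sketch expands the principal and resolves role names from a separate lookup. It assumes the runbook has already authenticated with `Connect-MgGraph` using the application permissions listed in the question; the variable names and report columns are illustrative.

```powershell
# Added example. Assumes an authenticated Microsoft Graph session (Connect-MgGraph
# has already run in the runbook) with RoleManagement.Read.Directory and
# Directory.Read.All application permissions, as listed in the question.

# Principal is a relationship, so ask Graph to include it with $expand.
$assignments = Get-MgRoleManagementDirectoryRoleAssignment -All -ExpandProperty principal

# Build a lookup of role definition Id -> display name instead of expanding
# a second relationship on the same request.
$roleNames = @{}
Get-MgRoleManagementDirectoryRoleDefinition -All | ForEach-Object {
    $roleNames[$_.Id] = $_.DisplayName
}

$report = foreach ($a in $assignments) {
    # The expanded principal is a generic directoryObject; type-specific fields
    # such as displayName and userPrincipalName sit in AdditionalProperties.
    $p = $a.Principal.AdditionalProperties
    [pscustomobject]@{
        AssignmentId   = $a.Id
        PrincipalId    = $a.PrincipalId
        PrincipalType  = ($p.'@odata.type' -replace '^#microsoft\.graph\.', '')
        PrincipalName  = $p.displayName
        SignInName     = $p.userPrincipalName   # empty for groups and service principals
        RoleName       = $roleNames[$a.RoleDefinitionId]
        DirectoryScope = $a.DirectoryScopeId    # "/" means tenant-wide
    }
}

# Flag rows that still have no principal name (for example a deleted principal),
# so gaps in the access review are visible instead of silently blank.
$unresolved = @($report | Where-Object { -not $_.PrincipalName })
if ($unresolved.Count -gt 0) {
    Write-Warning "$($unresolved.Count) assignment(s) have an unresolved principal."
}

$report | Sort-Object RoleName, PrincipalName
```

This covers directory (Entra ID) role assignments only; Azure RBAC assignments on subscriptions and resource groups are a separate data set returned by `Get-AzRoleAssignment`.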