Hi @Dave O'Donohoe, you can try something like this in PowerShell. Let me know if it works:
```powershell
# Connect to your Azure account
Connect-AzAccount

# Get all subscriptions
$subscriptions = Get-AzSubscription

# Loop through each subscription
foreach ($subscription in $subscriptions) {
    # Set the current subscription context
    Set-AzContext -SubscriptionId $subscription.Id | Out-Null

    # Get all role assignments visible in this subscription
    $roleAssignments = Get-AzRoleAssignment

    # Loop through each role assignment
    foreach ($roleAssignment in $roleAssignments) {
        # Az reports an assignment whose user, group, service principal or
        # managed identity has been deleted with ObjectType 'Unknown'
        # (the portal shows these as "Identity not found")
        if ($roleAssignment.ObjectType -ne 'Unknown') { continue }

        # Skip assignments inherited from a management group: they are not owned
        # by this subscription, and removing them affects other subscriptions too
        if ($roleAssignment.Scope -like '/providers/Microsoft.Management/managementGroups/*') { continue }

        Write-Host "Removing orphaned '$($roleAssignment.RoleDefinitionName)' assignment for object $($roleAssignment.ObjectId) at $($roleAssignment.Scope)"

        # Remove the orphaned role assignment (add -WhatIf to preview the deletions first)
        Remove-AzRoleAssignment -InputObject $roleAssignment
    }
}
```
This script connects to your Azure account, retrieves all subscriptions, and iterates through each subscription to get all role assignments. For each role assignment, it checks if the assigned identity exists. If the identity is not found, the script removes the role assignment.
Please let me know if you have any questions and I can help you further.
If this answer helps you, please mark "Accept Answer" so other users can reference it.
Thank you,
James
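Before deleting anything, most teams want a read-only inventory of the orphaned assignments first, so they can see which roles and scopes are involved and whether any are inherited from a management group. The script below is an added example and not part of the answer above; it assumes the Az.Accounts and Az.Resources modules are installed, that you have already run Connect-AzAccount, and that the output path is a placeholder you will adjust. One caveat to keep in mind: the ObjectType 'Unknown' classification depends on Get-AzRoleAssignment being able to look up principals in Microsoft Entra ID, so if the signed-in account cannot read the directory, review any warnings the cmdlet prints before trusting the report.

```powershell
# Added example (not from the original answer): audit orphaned role assignments
# across all subscriptions and write them to a CSV for review before any removal.
# Assumes Az.Accounts and Az.Resources are installed and Connect-AzAccount has run.
$reportPath = Join-Path -Path $PWD -ChildPath 'orphaned-role-assignments.csv'  # placeholder output path

$findings = foreach ($subscription in Get-AzSubscription) {
    # Switch context so Get-AzRoleAssignment enumerates this subscription
    Set-AzContext -SubscriptionId $subscription.Id | Out-Null

    Get-AzRoleAssignment |
        Where-Object { $_.ObjectType -eq 'Unknown' } |
        ForEach-Object {
            [pscustomobject]@{
                SubscriptionName   = $subscription.Name
                SubscriptionId     = $subscription.Id
                RoleDefinitionName = $_.RoleDefinitionName
                ObjectId           = $_.ObjectId
                Scope              = $_.Scope
                # A management-group scope means the assignment is inherited and
                # has to be cleaned up at that level, not per subscription
                Inherited          = $_.Scope -like '/providers/Microsoft.Management/managementGroups/*'
                RoleAssignmentId   = $_.RoleAssignmentId
            }
        }
}

$findings | Sort-Object SubscriptionName, Scope | Export-Csv -Path $reportPath -NoTypeInformation
Write-Host "$(@($findings).Count) orphaned role assignment(s) written to $reportPath"

# Summarise by role so privileged orphans (Owner, Contributor, User Access Administrator) stand out
$findings | Group-Object RoleDefinitionName | Sort-Object Count -Descending | Format-Table Name, Count
```

Once the CSV has been reviewed, the removal loop from the answer above can be run against the same subscriptions; running it first with -WhatIf on Remove-AzRoleAssignment lets you confirm that only the rows in the report would be deleted.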