Share via

List Privileged group assignments for a user with prowershell and MS Graph

Vincent Janssens de Bisthoven 0 Reputation points
2024-01-26T18:40:00.56+00:00

Hello, I want to get all eligible and all assigned Privileged Access Group assignments for a user account. I am getting the error "Attempted to perform an unauthorized operation" when I use the command "Get-MgRoleManagementDirectoryRoleAssignmentSchedule -Filter "PrincipalID eq {principalid}" or "Get-MgRoleManagementDirectoryRoleEligibilitySchedule -Filter "PrincipalID eq {principalid}". Any help is welcome, Vincent

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
13,309 questions
PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,878 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vasil Michev 115.7K Reputation points MVP
    2024-01-27T17:54:27.9366667+00:00

    Make sure you have sufficient permissions to call the cmdlet, you will need the RoleManagement.Read.Directory scope consented to. Here's a working example:

    Connect-MgGraph -Scopes RoleManagement.Read.Directory

Get-MgRoleManagementDirectoryRoleEligibilitySchedule -Filter "principalId eq '00f475c3-ef4d-41d3-afb1-73d76ab8a9fa'"

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.