Need help in getting RBAC roles assigned to users, groups and members in the groups.

Mahadev, Rakesh [HAEA] 225 Reputation points
2025-03-03T16:17:58.51+00:00

Hi Team,

I'm trying to fetch the RBAC role for users, groups and members of the groups across subscriptions in Azure. I'm able to fetch the RBAC role for users but not for groups. Could you please assist me here.

Below is the script I'm trying to run

```powershell
Write-Host "Authenticating to Azure..." -ForegroundColor Cyan
Connect-AzAccount

# Connect-AzureAD comes from the legacy AzureAD module, which only loads natively in
# Windows PowerShell 5.1 (under PowerShell 7 it needs
# Import-Module AzureAD -UseWindowsPowerShell).
Write-Host "Authenticating to Azure AD..." -ForegroundColor Cyan
Connect-AzureAD

# Fetch subscription based on SubscriptionID
$subscription = Get-AzSubscription -SubscriptionId "0edcee89-3540-4742-b814-a05a2da1d719"

$roleAssignmentsAndGroupMembers = @()

Write-Host "Processing subscription: $($subscription.Name)" -ForegroundColor Yellow

# Set the subscription context
Set-AzContext -SubscriptionId $subscription.Id

# Get all role assignments for the subscription (users and groups only;
# service principals and managed identities are skipped by this filter)
$roleAssignments = Get-AzRoleAssignment | Where-Object { $_.ObjectType -in @("User", "Group") }

foreach ($roleAssignment in $roleAssignments) {
    if ($roleAssignment.ObjectType -eq "Group") {
        Write-Host "Fetching members for group: $($roleAssignment.DisplayName)" -ForegroundColor Green

        try {
            # Get-AzRoleAssignment exposes the principal's object id as ObjectId, not PrincipalId.
            # $roleAssignment.PrincipalId evaluates to $null, so Get-AzureADGroupMember cannot bind
            # -ObjectId and every group ends up in the catch block below.
            # Note: this lists direct members only; nested groups appear as members of type
            # "Group" and are not expanded.
            $groupMembers = Get-AzureADGroupMember -ObjectId $roleAssignment.ObjectId -All $true

            foreach ($member in $groupMembers) {
                $roleAssignmentsAndGroupMembers += [PSCustomObject]@{
                    SubscriptionName = $subscription.Name
                    SubscriptionId   = $subscription.Id
                    Role             = $roleAssignment.RoleDefinitionName
                    PrincipalType    = "Group"
                    PrincipalName    = $roleAssignment.DisplayName
                    MemberName       = $member.DisplayName
                    MemberType       = $member.ObjectType
                }
            }
        } catch {
            # Surface the underlying error instead of hiding it behind a generic warning
            Write-Warning "Unable to fetch members for group: $($roleAssignment.DisplayName) - $($_.Exception.Message)"
        }
    } elseif ($roleAssignment.ObjectType -eq "User") {
        # Add individual user role assignments
        $roleAssignmentsAndGroupMembers += [PSCustomObject]@{
            SubscriptionName = $subscription.Name
            SubscriptionId   = $subscription.Id
            Role             = $roleAssignment.RoleDefinitionName
            PrincipalType    = "User"
            PrincipalName    = $roleAssignment.DisplayName
            MemberName       = $roleAssignment.DisplayName
            MemberType       = "User"
        }
    }
}

# Export results to CSV
$csvFilePath = "C:\Users\rakesh.mahadev\Downloads\RoleAssignmentsAndGroupMembers5.csv"
$roleAssignmentsAndGroupMembers | Export-Csv -Path $csvFilePath -NoTypeInformation -Encoding UTF8

Write-Host "Export completed. File saved to: $csvFilePath" -ForegroundColor Green
```
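The same report built the way an auditor would want it today, as an added example that is not part of the original post: it replaces the retired AzureAD module with the Microsoft Graph PowerShell SDK (assumed installed, 2.x, modules Microsoft.Graph.Groups plus Az.Accounts and Az.Resources), walks every subscription the caller can see, expands group membership transitively so nested groups are flattened, keeps the assignment's Scope so inherited management-group assignments are distinguishable from subscription-level ones, and keeps service-principal and "Unknown" principals in the output rather than filtering them away. The helper names `Get-GroupMembersTransitive` and `New-ReportRow`, the Graph scopes requested, and the output path `.\RoleAssignmentsExpanded.csv` are the example's own choices.

```powershell
# Added example, not the original poster's script. Assumes Az.Accounts, Az.Resources and
# Microsoft.Graph.Groups are installed and the caller may read directory objects
# (GroupMember.Read.All / Directory.Read.All) and list role assignments.
Connect-AzAccount | Out-Null
Connect-MgGraph -Scopes "GroupMember.Read.All", "Directory.Read.All" -NoWelcome

# Cache of group object id -> expanded members, so a group assigned in many
# subscriptions is only expanded once.
$memberCache = @{}

function Get-GroupMembersTransitive {
    param([Parameter(Mandatory)][string]$GroupId)
    if ($memberCache.ContainsKey($GroupId)) { return $memberCache[$GroupId] }

    # Transitive membership flattens nested groups; the plain member list does not.
    # Type-specific attributes of directoryObject results live in AdditionalProperties.
    $members = Get-MgGroupTransitiveMember -GroupId $GroupId -All | ForEach-Object {
        $props = $_.AdditionalProperties
        [PSCustomObject]@{
            Id   = $_.Id
            Name = if ($props['userPrincipalName']) { $props['userPrincipalName'] } else { $props['displayName'] }
            Type = ($props['@odata.type'] -replace '^#microsoft\.graph\.', '')   # user, group, servicePrincipal, ...
        }
    }
    $memberCache[$GroupId] = @($members)
    return $memberCache[$GroupId]
}

function New-ReportRow {
    param($Base, $MemberName, $MemberType, $MemberId)
    $row = [ordered]@{}
    foreach ($k in $Base.Keys) { $row[$k] = $Base[$k] }
    $row['MemberName'] = $MemberName
    $row['MemberType'] = $MemberType
    $row['MemberId']   = $MemberId
    [PSCustomObject]$row
}

$rows = [System.Collections.Generic.List[object]]::new()

foreach ($sub in Get-AzSubscription) {
    Write-Host "Processing subscription: $($sub.Name)" -ForegroundColor Yellow
    Set-AzContext -SubscriptionId $sub.Id | Out-Null

    # Get-AzRoleAssignment at subscription scope also returns assignments inherited from
    # management groups and assignments below the subscription; Scope records where each
    # one was actually granted.
    foreach ($ra in Get-AzRoleAssignment) {
        $base = [ordered]@{
            SubscriptionName = $sub.Name
            SubscriptionId   = $sub.Id
            Scope            = $ra.Scope
            Role             = $ra.RoleDefinitionName
            PrincipalType    = $ra.ObjectType      # User, Group, ServicePrincipal or Unknown
            PrincipalName    = $ra.DisplayName
            PrincipalId      = $ra.ObjectId        # the cmdlet exposes the principal id as ObjectId
        }

        if ($ra.ObjectType -eq 'Group') {
            try {
                foreach ($m in Get-GroupMembersTransitive -GroupId $ra.ObjectId) {
                    $rows.Add((New-ReportRow -Base $base -MemberName $m.Name -MemberType $m.Type -MemberId $m.Id))
                }
            } catch {
                Write-Warning "Could not expand group $($ra.DisplayName) ($($ra.ObjectId)): $($_.Exception.Message)"
            }
        } else {
            # Users, service principals and Unknown principals are reported as themselves.
            # "Unknown" usually means the object was deleted or the caller cannot read it;
            # those orphaned assignments are exactly the ones worth cleaning up, so keep them.
            $rows.Add((New-ReportRow -Base $base -MemberName $ra.DisplayName -MemberType $ra.ObjectType -MemberId $ra.ObjectId))
        }
    }
}

$csvFilePath = ".\RoleAssignmentsExpanded.csv"
$rows | Export-Csv -Path $csvFilePath -NoTypeInformation -Encoding UTF8
Write-Host "Export completed. File saved to: $csvFilePath" -ForegroundColor Green
```

Two things to check before trusting the CSV: if most PrincipalType values come back as "Unknown", the Az session lacks permission to resolve principals in Entra ID and the report is silently incomplete; and because Get-AzRoleAssignment is run per subscription, an assignment granted at a management group appears once for every subscription it is inherited into, which is the intended view for "who can do what here" but should be de-duplicated on RoleAssignmentId if you want a list of grants instead.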
