Hi @Kotagi, Veeresh,
Based on your query, here is my understanding: you are unable to perform role assignment using Microsoft Graph PowerShell.
The "term not recognized" error for Connect-MgGraph comes up when the module is not found. To avoid this error, you need to first install the module in your PowerShell. Check the prerequisites which are required to install the Microsoft Graph PowerShell SDK. Make sure you:
- Upgrade to PowerShell 5.1 or later
- Install .NET Framework 4.7.2 or later
Now open PowerShell as administrator and set the PowerShell execution policy to RemoteSigned or less restrictive using the following command:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
Installation command: Install-Module Microsoft.Graph -Scope CurrentUser -Repository PSGallery -Force
Check the installation: Get-InstalledModule Microsoft.Graph
Installation guide documentation: Install the Microsoft Graph PowerShell SDK.
Connect MgGraph: Connect-MgGraph -Scopes "RoleManagement.ReadWrite.Directory"
The scopes are the permissions which are required to manage the particular feature. In this situation, you are connecting to role management, so the scope is provided accordingly.
Documentation to connect MgGraph with various scopes: Connect-MgGraph.
Based on the command, I understood you are performing role assignments. Here is the documentation for role assignments: Assign Microsoft Entra roles in Privileged Identity Management using Microsoft Graph PowerShell.
Here are the primary prerequisites: Privileged Role Administrator role and Microsoft Entra ID P2 or Enterprise Mobility + Security (EMS) E5 license. If you do not have any of the prerequisites, you will not be able to perform the operations.
Example for assignment of role:
$params = @{
    "PrincipalId" = "d29e358a-a443-4d83-98b3-499a5405bb5b"
    "RoleDefinitionId" = "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
    "Justification" = "Add eligible assignment"
    "DirectoryScopeId" = "/"
    "Action" = "AdminAssign"
    "ScheduleInfo" = @{
        "StartDateTime" = Get-Date
        "Expiration" = @{
            "Type" = "AfterDuration"
            "Duration" = "PT10H"
        }
    }
}
New-MgRoleManagementDirectoryRoleEligibilityScheduleRequest -BodyParameter $params |
    Format-List Id, Status, Action, AppScopeId, DirectoryScopeId, RoleDefinitionId, IsValidationOnly, Justification, PrincipalId, CompletedDateTime, CreatedDateTime
I hope this information is helpful. Please feel free to reach out if you have any further questions.
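Added example, not part of the original answer: a pre-flight check that reports which of the prerequisites described above is missing before a role assignment is attempted, plus a read-back of the principal's eligible assignments afterwards. The function names `Test-GraphPimPrerequisite` and `Get-EligibleAssignment` are hypothetical, and filtering eligibility schedules by `principalId` is an assumption about what the tenant's Graph endpoint accepts.

```powershell
# Added example (not from the original answer). Function names are hypothetical.
function Test-GraphPimPrerequisite {
    param(
        # Scope the answer passes to Connect-MgGraph
        [string]$RequiredScope = 'RoleManagement.ReadWrite.Directory'
    )
    $problems = @()

    if ($PSVersionTable.PSVersion -lt [version]'5.1') {
        $problems += "PowerShell $($PSVersionTable.PSVersion) is older than 5.1"
    }
    if ((Get-ExecutionPolicy) -eq 'Restricted') {
        $problems += 'Effective execution policy is Restricted; set RemoteSigned for CurrentUser'
    }
    # Connect-MgGraph ships in Microsoft.Graph.Authentication; the eligibility
    # cmdlets ship in Microsoft.Graph.Identity.Governance.
    foreach ($name in 'Microsoft.Graph.Authentication', 'Microsoft.Graph.Identity.Governance') {
        if (-not (Get-Module -ListAvailable -Name $name)) {
            $problems += "Module $name is not installed (cause of 'term not recognized')"
        }
    }
    # Get-MgContext returns $null until Connect-MgGraph has succeeded.
    if (Get-Command Get-MgContext -ErrorAction SilentlyContinue) {
        $ctx = Get-MgContext
        if (-not $ctx) {
            $problems += 'No Graph session; run Connect-MgGraph first'
        } elseif ($ctx.Scopes -notcontains $RequiredScope) {
            $problems += "Session lacks the $RequiredScope scope; reconnect with -Scopes"
        }
    }
    return $problems
}

function Get-EligibleAssignment {
    param([Parameter(Mandatory)][string]$PrincipalId)
    # Read back what the principal is eligible for, so the change can be reviewed.
    Get-MgRoleManagementDirectoryRoleEligibilitySchedule -Filter "principalId eq '$PrincipalId'" |
        Select-Object Id, PrincipalId, RoleDefinitionId, DirectoryScopeId, Status
}

$issues = Test-GraphPimPrerequisite
if ($issues) {
    $issues | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'Prerequisites met; the eligibility request can be submitted.'
}
```

The license and Privileged Role Administrator prerequisites are not checked here; a missing one surfaces as an error from the request itself.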