Get-MgRoleManagementDirectoryRoleAssignment and Get-MgRoleManagementDirectoryRoleEligibilitySchedule is what you need, the latter being the PIM roles.
If you are looking for ready-to-use solution or something you can build on, I published sample scripts on how to do this via the Microsoft Graph SDK for PowerShell or direct Graph API requests a while back: https://www.michev.info/Blog/Post/3958
Determine Azure AD Administrative Roles assignments, eligible and active, with Powershell Graph
![](https://techprofile.blob.core.windows.net/images/hyUyTKcgAQAAAAAAAAAAAA.png?8D8691)
Hi,
I'm new to Azure AD and Powershell Graph, hoping I'm at the right place for the question.
I'm trying to use Powershell graph to determine a.o. what Azure AD Administrative roles have which assignments, both eligible (most importantly) and active.
So far I found a few commands that are helpful:
- GetMgDirectoryRole
- GetMgDirectoryRoleTemplate
Now I need to find the role assignments, with the proper information (eligible or active) and I'm confused. Because the only command I have been able to dig up is part of Device Management enrollment, which seems rather illogical and not right?:
- GetMgRoleManagementDirectoryRoleASsignment
Any insight here? Is this the correct command for Azure AD Administrative roles?
Cheers!
-
Vasil Michev 100.2K Reputation points MVP
2022-09-01T17:42:14.267+00:00
1 additional answer
Sort by: Most helpful
-
JimmySalian-2011 42,071 Reputation points
2022-09-01T17:42:12.533+00:00 Hi Martin,
I guess the Graph Explorer will be better option to list down the roles assigned, please check this link for pre-reqs and steps prerequisites
==
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.