Get-MgDirectoryRole
Retrieve the properties of a directoryRole object. The role must be activated in tenant for a successful response. You can use both the object ID and template ID of the directoryRole with this API. The template ID of a built-in role is immutable and can be seen in the role description on the Microsoft Entra admin center. For details, see Role template IDs.
Note
To view the beta release of this cmdlet, view Get-MgBetaDirectoryRole
Syntax
Get-MgDirectoryRole
[-ExpandProperty <String[]>]
[-Property <String[]>]
[-Filter <String>]
[-Search <String>]
[-Skip <Int32>]
[-Sort <String[]>]
[-Top <Int32>]
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-PageSize <Int32>]
[-All]
[-CountVariable <String>]
[-ProgressAction <ActionPreference>]
[<CommonParameters>] Get-MgDirectoryRole
-DirectoryRoleId <String>
[-ExpandProperty <String[]>]
[-Property <String[]>]
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[<CommonParameters>] Get-MgDirectoryRole
-InputObject <IIdentityDirectoryManagementIdentity>
[-ExpandProperty <String[]>]
[-Property <String[]>]
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[<CommonParameters>] Description
Retrieve the properties of a directoryRole object. The role must be activated in tenant for a successful response. You can use both the object ID and template ID of the directoryRole with this API. The template ID of a built-in role is immutable and can be seen in the role description on the Microsoft Entra admin center. For details, see Role template IDs.
Permissions
| Permission type | Least privileged permissions | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | RoleManagement.Read.Directory | Directory.Read.All, Directory.ReadWrite.All, RoleManagement.ReadWrite.Directory |
| Delegated (personal Microsoft account) | Not supported. | Not supported. |
| Application | RoleManagement.Read.Directory | Directory.Read.All, Directory.ReadWrite.All, RoleManagement.ReadWrite.Directory |
Permissions
| Permission type | Least privileged permissions | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | RoleManagement.Read.Directory | RoleManagement.ReadWrite.Directory, Directory.Read.All, Directory.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. | Not supported. |
| Application | RoleManagement.Read.Directory | RoleManagement.ReadWrite.Directory, Directory.Read.All, Directory.ReadWrite.All |
Examples
Example 1: Get all directory roles
Get-MgDirectoryRole | Format-List
DeletedDateTime :
Description : Can read basic directory information. Commonly used to grant directory read access to
applications and guests.
DisplayName : Directory Readers
Id : 86596a70-0099-457d-8c89-1f5085b395ca
Members :
RoleTemplateId : 88d8e3e3-8f55-4a1e-953a-9b9898b8876b
ScopedMembers :
AdditionalProperties : {}This examples gets all the available directory roles.
Example 2: Get a directory role by Id
Get-MgDirectoryRole -DirectoryRoleId '86596a70-0099-457d-8c89-1f5085b395ca' |
Format-List
DeletedDateTime :
Description : Can read basic directory information. Commonly used to grant directory read access to
applications and guests.
DisplayName : Directory Readers
Id : 86596a70-0099-457d-8c89-1f5085b395ca
Members :
RoleTemplateId : 88d8e3e3-8f55-4a1e-953a-9b9898b8876b
ScopedMembers :
AdditionalProperties : {[@odata.context, https://graph.microsoft.com/v1.0/$metadata#directoryRoles/$entity]}This example gets the directory role based on the specified Id.
Parameters
-All
List all pages.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CountVariable
Specifies a count of the total number of items in a collection. By default, this variable will be set in the global scope.
| Type: | String |
| Aliases: | CV |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DirectoryRoleId
The unique identifier of directoryRole
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ExpandProperty
Expand related entities
| Type: | String[] |
| Aliases: | Expand |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Filter
Filter items by property values
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Headers
Optional headers that will be added to the request.
| Type: | IDictionary |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-InputObject
Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
| Type: | IIdentityDirectoryManagementIdentity |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-PageSize
Sets the page size of results.
| Type: | Int32 |
| Position: | Named |
| Default value: | 0 |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ProgressAction
{{ Fill ProgressAction Description }}
| Type: | ActionPreference |
| Aliases: | proga |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Property
Select properties to be returned
| Type: | String[] |
| Aliases: | Select |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResponseHeadersVariable
Optional Response Headers Variable.
| Type: | String |
| Aliases: | RHV |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Search
Search items by search phrases
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Skip
Skip the first n items
| Type: | Int32 |
| Position: | Named |
| Default value: | 0 |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Sort
Order items by property values
| Type: | String[] |
| Aliases: | OrderBy |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Top
Show only the first n items
| Type: | Int32 |
| Aliases: | Limit |
| Position: | Named |
| Default value: | 0 |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Microsoft.Graph.PowerShell.Models.IIdentityDirectoryManagementIdentity
System.Collections.IDictionary
Outputs
Microsoft.Graph.PowerShell.Models.IMicrosoftGraphDirectoryRole
Notes
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
INPUTOBJECT <IIdentityDirectoryManagementIdentity>: Identity Parameter
[AdministrativeUnitId <String>]: The unique identifier of administrativeUnit[AllowedValueId <String>]: The unique identifier of allowedValue[AttributeSetId <String>]: The unique identifier of attributeSet[CommerceSubscriptionId <String>]: Alternate key of companySubscription[CompanySubscriptionId <String>]: The unique identifier of companySubscription[ContractId <String>]: The unique identifier of contract[CustomSecurityAttributeDefinitionId <String>]: The unique identifier of customSecurityAttributeDefinition[DeviceId <String>]: The unique identifier of device[DeviceLocalCredentialInfoId <String>]: The unique identifier of deviceLocalCredentialInfo[DirectoryObjectId <String>]: The unique identifier of directoryObject[DirectoryRoleId <String>]: The unique identifier of directoryRole[DirectoryRoleTemplateId <String>]: The unique identifier of directoryRoleTemplate[DomainDnsRecordId <String>]: The unique identifier of domainDnsRecord[DomainId <String>]: The unique identifier of domain[ExtensionId <String>]: The unique identifier of extension[IdentityProviderBaseId <String>]: The unique identifier of identityProviderBase[InternalDomainFederationId <String>]: The unique identifier of internalDomainFederation[OnPremisesDirectorySynchronizationId <String>]: The unique identifier of onPremisesDirectorySynchronization[OrgContactId <String>]: The unique identifier of orgContact[OrganizationId <String>]: The unique identifier of organization[OrganizationalBrandingLocalizationId <String>]: The unique identifier of organizationalBrandingLocalization[ProfileCardPropertyId <String>]: The unique identifier of profileCardProperty[RoleTemplateId <String>]: Alternate key of directoryRole[ScopedRoleMembershipId <String>]: The unique identifier of scopedRoleMembership[SubscribedSkuId <String>]: The unique identifier of subscribedSku[UserId <String>]: The unique identifier of user