Get-EntraBetaScopedRoleMembership
List Microsoft Entra role assignments with administrative unit scope.
Syntax
Default (Default)
Get-EntraBetaScopedRoleMembership
-AdministrativeUnitId <String>
[-ScopedRoleMembershipId <String>]
[-Property <String[]>]
[<CommonParameters>]
Description
The Get-EntraBetaScopedRoleMembership cmdlet lists Microsoft Entra role assignments with an administrative unit scope. Use the AdministrativeUnitId parameter to retrieve a specific scoped role membership.
Examples
Example 1: Get Scoped Role Administrator
Connect-Entra -Scopes 'RoleManagement.Read.Directory'
$role = Get-EntraBetaDirectoryRole -Filter "DisplayName eq 'Helpdesk Administrator'"
$administrativeUnit = Get-EntraBetaAdministrativeUnit -Filter "DisplayName eq 'Pacific Administrative Unit'"
$roleMembership = Get-EntraBetaScopedRoleMembership -AdministrativeUnitId $administrativeUnit.Id | Where-Object {$_.RoleId -eq $role.Id}
Get-EntraBetaScopedRoleMembership -AdministrativeUnitId $administrativeUnit.Id -ScopedRoleMembershipId $roleMembership.Id
Id AdministrativeUnitId RoleId
-- -------------------- ------
dddddddddddd-bbbb-aaaa-bbbb-cccccccccccc aaaaaaaa-bbbb-aaaa-bbbb-cccccccccccc bbbbbbbb-1111-2222-3333-cccccccccccc
This example gets scoped role administrator. You cane use the command Get-EntraBetaAdministrativeUnit to get administrative unit Id.
-AdministrativeUnitIdparameter specifies the ID of an administrative unit.-ScopedRoleMembershipIdparameter specifies the scoped role membership Id.
Example 2: List scoped administrators for administrative unit by AdministrativeUnitId
Connect-Entra -Scopes 'RoleManagement.Read.Directory'
$administrativeUnit = Get-EntraBetaAdministrativeUnit -Filter "DisplayName eq 'Pacific Administrative Unit'"
Get-EntraBetaScopedRoleMembership -AdministrativeUnitId $administrativeUnit.Id
Id AdministrativeUnitId RoleId
-- -------------------- ------
dddddddddddd-bbbb-aaaa-bbbb-cccccccccccc aaaaaaaa-bbbb-aaaa-bbbb-cccccccccccc bbbbbbbb-1111-2222-3333-cccccccccccc
This example list scoped administrators with AdministrativeUnitId.
-AdministrativeUnitIdparameter specifies the ID of an administrative unit.
Parameters
-AdministrativeUnitId
Specifies the ID of an administrative unit object.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | ObjectId |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-Property
Specifies properties to be returned.
Parameter properties
| Type: | System.String[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | Select |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ScopedRoleMembershipId
Specifies the ID of a scoped role membership.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.