Add-EntraScopedRoleMembership

Adds a scoped role membership to an administrative unit.

Syntax

Add-EntraScopedRoleMembership
    -Id <String>
    [-RoleMemberInfo <MsRoleMemberInfo>]
    [-AdministrativeUnitId <String>]
    [-RoleId <String>]
    [<CommonParameters>]

Description

The Add-EntraScopedRoleMembership cmdlet adds a scoped role membership to an administrative unit.

Examples

Example 1: Add a scoped role membership to an administrative unit

Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory'
$User = Get-EntraUser -SearchString 'MarkWood'
$Role = Get-EntraDirectoryRole -Filter "DisplayName eq 'User Administrator'"
$Unit = Get-EntraAdministrativeUnit -Filter "DisplayName eq 'New MSAdmin unit'"
$RoleMember = New-Object -TypeName Microsoft.Open.MSGraph.Model.MsRolememberinfo.RoleMemberInfo
$RoleMember.Id = $User.ObjectID
Add-EntraScopedRoleMembership -Id $Unit.Id -RoleId $Role.ObjectId -RoleMemberInfo $RoleMember

AdministrativeUnitId                  RoleId
--------------------                  ------
11bb11bb-cc22-dd33-ee44-55ff55ff55ff  22cc22cc-dd33-ee44-ff55-66aa66aa66aa

The example shows how to add a user to the specified role within the specified administrative unit.
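
Example 1 assumes each lookup matches exactly one object, but `-SearchString` can return several users, in which case `$User.ObjectID` is an array and the wrong principal may be targeted. The following is an added example, not part of the cmdlet's own documentation, that stops unless every lookup is unambiguous and skips the assignment when it already exists. `Resolve-Single` is a hypothetical helper, and the `-Id` parameter of `Get-EntraScopedRoleMembership` and the `RoleMemberInfo.Id` property on its output are assumptions that mirror the names used on this page.

```powershell
# Added example: guarded version of Example 1 (sample names are the page's).
$ErrorActionPreference = 'Stop'

function Resolve-Single {
    # Hypothetical helper: return the one matching object or stop.
    param([string]$What, [object[]]$Result)
    $count = @($Result).Count
    if ($count -ne 1) {
        throw "Expected exactly one $What but found $count; not assigning a role."
    }
    $Result[0]
}

Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory'

# Each lookup must be unambiguous before a privileged assignment is made.
$User = Resolve-Single -What 'user' -Result @(Get-EntraUser -SearchString 'MarkWood')
$Role = Resolve-Single -What 'directory role' -Result @(
    Get-EntraDirectoryRole -Filter "DisplayName eq 'User Administrator'")
$Unit = Resolve-Single -What 'administrative unit' -Result @(
    Get-EntraAdministrativeUnit -Filter "DisplayName eq 'New MSAdmin unit'")

# Assumption: Get-EntraScopedRoleMembership accepts -Id like the cmdlet above
# and returns objects exposing RoleId and RoleMemberInfo.Id.
$Existing = @(Get-EntraScopedRoleMembership -Id $Unit.Id | Where-Object {
    $_.RoleId -eq $Role.ObjectId -and $_.RoleMemberInfo.Id -eq $User.ObjectID
})

if ($Existing.Count -gt 0) {
    Write-Output "Already assigned: $($User.ObjectID) holds role $($Role.ObjectId) in unit $($Unit.Id)."
}
else {
    $RoleMember = New-Object -TypeName Microsoft.Open.MSGraph.Model.MsRolememberinfo.RoleMemberInfo
    $RoleMember.Id = $User.ObjectID
    Add-EntraScopedRoleMembership -Id $Unit.Id -RoleId $Role.ObjectId -RoleMemberInfo $RoleMember
}
```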

Parameters

-AdministrativeUnitId

Specifies the ID of an administrative unit.

Type: System.String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-Id

Specifies the ID of an administrative unit.

Type: System.String
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False

-RoleId

Specifies the ID of a directory role.

Type: System.String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-RoleMemberInfo

Specifies a RoleMemberInfo object.

Type: System.MsRoleMemberInfo
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False