Get-EntraDirectoryRole

Module:

Microsoft.Graph.Entra

Gets a directory role.

Syntax

Get-EntraDirectoryRole
   [-Filter <String>]
   [-Property <String[]>]
   [<CommonParameters>]

Get-EntraDirectoryRole
   -ObjectId <String>
   [-Property <String[]>]
   [<CommonParameters>]

Description

The Get-EntraDirectoryRole cmdlet gets a directory role from Microsoft Entra ID.

Examples

Example 1: Get a directory role by ID

Connect-Entra -Scopes 'RoleManagement.Read.Directory'
Get-EntraDirectoryRole -ObjectId '019ea7a2-1613-47c9-81cb-20ba35b1ae48'

ObjectId                             DisplayName                        Description
--------                             -----------                        -----------
019ea7a2-1613-47c9-81cb-20ba35b1ae48 Company Administrator              Company Administrator role has full access to perform any operation in the company scope.

This command gets the specified directory role.

Example 2: Get all directory roles

Connect-Entra -Scopes 'RoleManagement.Read.Directory'
Get-EntraDirectoryRole

ObjectId                             DisplayName                        Description
--------                             -----------                        -----------
019ea7a2-1613-47c9-81cb-20ba35b1ae48 Company Administrator              Company Administrator role has full access to perform any operation in the company scope.
2b3a80bc-51a4-476d-8e09-cd8b6cdde5ea Directory Writers                  Allows access read tasks and a subset of write tasks in the directory.
526b7173-5a6e-49dc-88ec-b677a9093709 User Account Administrator         User Account Administrator has access to perform common user management related tasks.
542f5aef-b23f-4e34-a838-6f2b9205b3d6 Directory Synchronization Accounts Directory Synchronization Accounts
68239fa3-6b01-4396-aeb4-6af38a1b6abf Directory Readers                  Allows access to various read only tasks in the directory.
8c6a5c45-e93e-4f2b-81be-b57ad4c43ddd Privileged Role Administrator      Privileged Role Administrator has access to perform common role management related tasks.
8f8a1cf4-d535-4ccd-8552-7267c7ee0a88 Helpdesk Administrator             Helpdesk Administrator has access to perform common helpdesk related tasks.
b89a48d4-7595-48d0-bb36-69fe4b220668 Device Administrators              Device Administrators
d96eb2b3-0970-4827-8f26-6008efd86511 Security Administrator             Security Administrator allows ability to read and manage security configuration and reports.

This command gets all the directory roles.

Example 3: Get a directory role filter by ObjectId

Connect-Entra -Scopes 'RoleManagement.Read.Directory'
Get-EntraDirectoryRole -Filter "ObjectId eq '019ea7a2-1613-47c9-81cb-20ba35b1ae48'"

ObjectId                             DisplayName                        Description
--------                             -----------                        -----------
019ea7a2-1613-47c9-81cb-20ba35b1ae48 Company Administrator              Company Administrator role has full access to perform any operation in the company scope.

This command gets the directory role by ObjectId.

Example 4: Get a directory role filter by displayName

Connect-Entra -Scopes 'RoleManagement.Read.Directory'
Get-EntraDirectoryRole -Filter "displayName eq 'Company Administrator'"

ObjectId                             DisplayName                        Description
--------                             -----------                        -----------
019ea7a2-1613-47c9-81cb-20ba35b1ae48 Company Administrator              Company Administrator role has full access to perform any operation in the company scope.

This command gets the directory role by display name.

Parameters

-Filter

The oData v3.0 filter statement. Controls which objects are returned.

Type:	System.String
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	True
Accept wildcard characters:	False

-ObjectId

Specifies the ID of a directory role in Microsoft Entra ID.

Type:	System.String
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	True
Accept wildcard characters:	False

-Property

Specifies properties to be returned

Type:	System.String[]
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

Related Links

• Enable-EntraDirectoryRole