Remove-RdsRoleAssignment
Removes a role assignment.
Syntax
EmptyParameterSet (Default)
Remove-RdsRoleAssignment
[<CommonParameters>]
SignInNameRoleAssignmentDeploymentScopeParameterSet
Remove-RdsRoleAssignment
[-TenantGroupName <String>]
[-TenantName <String>]
[-HostPoolName <String>]
[-AppGroupName <String>]
[<CommonParameters>]
SignInNameRoleAssignmentTenantGroupScopeParameterSet
Remove-RdsRoleAssignment
[-RoleDefinitionName] <string>
-SignInName <string>
-TenantName <string>
[-AADTenantId <string>]
[-TenantGroupName <string>]
[<CommonParameters>]
SignInNameRoleAssignmentHostPoolScopeParameterSet
Remove-RdsRoleAssignment
[-RoleDefinitionName] <string>
-SignInName <string>
-TenantName <string>
-HostPoolName <string>
[-AADTenantId <string>]
[-TenantGroupName <string>]
[<CommonParameters>]
SignInNameRoleAssignmentAppGroupScopeParameterSet
Remove-RdsRoleAssignment
[-RoleDefinitionName] <string>
-SignInName <string>
-TenantName <string>
-HostPoolName <string>
-AppGroupName <string>
[-AADTenantId <string>]
[-TenantGroupName <string>]
[<CommonParameters>]
SPNRoleAssignmentDeploymentScopeParameterSet
Remove-RdsRoleAssignment
[-RoleDefinitionName] <string>
-ApplicationId <string>
-Deployment
[<CommonParameters>]
SPNRoleAssignmentTenantGroupScopeParameterSet
Remove-RdsRoleAssignment
[-RoleDefinitionName] <string>
-ApplicationId <string>
-TenantGroupName <string>
[<CommonParameters>]
SPNRoleAssignmentTenantScopeParameterSet
Remove-RdsRoleAssignment
[-RoleDefinitionName] <string>
-ApplicationId <string>
-TenantName <string>
[-TenantGroupName <string>]
[<CommonParameters>]
SPNRoleAssignmentHostPoolScopeParameterSet
Remove-RdsRoleAssignment
[-RoleDefinitionName] <string>
-ApplicationId <string>
-TenantName <string>
-HostPoolName <string>
[-TenantGroupName <string>]
[<CommonParameters>]
ServicePrincipalParameterSet
Remove-RdsRoleAssignment
[-RoleDefinitionName] <String>
-ApplicationId <String>
[-TenantGroupName <String>]
[-TenantName <String>]
[-HostPoolName <String>]
[-AppGroupName <String>]
[<CommonParameters>]
SPNRoleAssignmentAppGroupScopeParameterSet
Remove-RdsRoleAssignment
[-RoleDefinitionName] <string>
-ApplicationId <string>
-TenantName <string>
-HostPoolName <string>
-AppGroupName <string>
[-TenantGroupName <string>]
[<CommonParameters>]
GroupRoleAssignmentDeploymentScopeParameterSet
Remove-RdsRoleAssignment
-RoleDefinitionName <string>
-GroupObjectId <string>
-AADTenantId <string>
-Deployment
[<CommonParameters>]
GroupRoleAssignmentTenantGroupScopeParameterSet
Remove-RdsRoleAssignment
-RoleDefinitionName <string>
-GroupObjectId <string>
-AADTenantId <string>
-TenantGroupName <string>
[<CommonParameters>]
GroupRoleAssignmentTenantScopeParameterSet
Remove-RdsRoleAssignment
-RoleDefinitionName <string>
-TenantName <string>
[-GroupObjectId <string>]
[-AADTenantId <string>]
[-TenantGroupName <string>]
[<CommonParameters>]
GroupRoleAssignmentHostPoolScopeParameterSet
Remove-RdsRoleAssignment
-RoleDefinitionName <string>
-TenantName <string>
-HostPoolName <string>
[-GroupObjectId <string>]
[-AADTenantId <string>]
[-TenantGroupName <string>]
[<CommonParameters>]
GroupRoleAssignmentAppGroupScopeParameterSet
Remove-RdsRoleAssignment
-RoleDefinitionName <string>
-TenantName <string>
-HostPoolName <string>
-AppGroupName <string>
[-GroupObjectId <string>]
[-AADTenantId <string>]
[-TenantGroupName <string>]
[<CommonParameters>]
Description
The Remove-RdsRoleAssignment cmdlet removes a role assignment by specifying the three properties of a role assignment: the role, the principal, and the scope.
To define the role, you can use one of the following parameters:
RDS Owner
RDS Contributor
RDS Reader
RDS Operator
To specify the principal, you can use one of the following parameters:
SignInName
ApplicationId
GroupObjectId
To define the scope, you can use a combination of the following parameters:
TenantGroupName
TenantName
HostPoolName
AppGroupName
Examples
Example 1: Remove a role assignment for a user
PS C:\> Remove-RdsRoleAssignment -RoleDefinitionName "RDS Owner" -SignInName "admin@contoso.com" -TenantGroupName "Default Tenant Group" -TenantName "contoso" -HostPoolName "contosoHostPool" -AppGroupName "Desktop Application Group"
This command removes the role assignment for admin@contoso.com who is assigned to the RDS Owner role at the "Desktop Application Group" app group scope.
Example 2: Remove a role assignment for a service principal
PS C:\> Remove-RdsRoleAssignment -RoleDefinitionName "RDS Reader" -ApplicationId "yyyy-yyyy-yyyy-yyyy-yyyy" -TenantGroupName "contosoTenantGroup" -TenantName "contosoA" -HostPoolName "contosoAHostPool"
This command removes the role assignment for the specified service principal who is assigned to the RDS Reader role at the "contosoAHostPool" host pool scope.
Example 3: Remove a role assignment for an Azure AD group
PS C:\> Remove-RdsRoleAssignment -RoleDefinitionName "RDS Operator" -GroupObjectId "aaaa-aaaa-aaaa-aaaa-aaaa" -TenantGroupName "contosoTenantGroup" -TenantName "contosoA"
This command removes the role assignment for the specified Azure AD group who is assigned to the RDS Operator role at the "contosoA" tenant scope.
Parameters
-AADTenantId
The Azure Active Directory tenant ID of the user. This is required when assigning a user at the tenant group scope. This is also required when assigning a user at the tenant, host pool, or app group scope when they do not exist in the Azure AD tenant associated with the Windows Virtual Desktop tenant.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
SignInNameRoleAssignmentDeploymentScopeParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
SignInNameRoleAssignmentTenantGroupScopeParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
GroupRoleAssignmentDeploymentScopeParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
GroupRoleAssignmentTenantGroupScopeParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-AppGroupName
The name of the app group.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-ApplicationId
The application ID of the service principal.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False Aliases: SPN, ServicePrincipalName
Parameter sets
ServicePrincipalParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-Deployment
A scope specific to Windows Virtual Desktop.
Parameter properties
Type: Switch
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-GroupObjectId
The object ID of the Azure AD group.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False Aliases: UserGroupObjectId
Parameter sets
GroupObjectIdParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-HostPoolName
The name of the host pool.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-RoleDefinitionName
The name of the role.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
SignInNameParameterSet
Position: 0 Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
ServicePrincipalParameterSet
Position: 0 Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
GroupObjectIdParameterSet
Position: 0 Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-SignInName
The user principal name (UPN) of the user.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False Aliases: Email, UserPrincipalName
Parameter sets
SignInNameParameterSet
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-TenantGroupName
The name of the tenant group.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-TenantName
The name of the tenant.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters .
System.String
Outputs
System.Object