Get-RdsRoleAssignment
Lists role assignments at a defined scope.
Syntax
Get-RdsRoleAssignment
[-SignInName <String>]
[-TenantGroupName <String>]
[-TenantName <String>]
[-HostPoolName <String>]
[-AppGroupName <String>]
[<CommonParameters>]
Get-RdsRoleAssignment
[-SignInName <String>]
[-TenantGroupName <String>]
[-TenantName <String>]
[-HostPoolName <String>]
[-AppGroupName <String>]
[<CommonParameters>]
Get-RdsRoleAssignment
[-ServicePrincipalName <String>]
[-TenantGroupName <String>]
[-TenantName <String>]
[-HostPoolName <String>]
[-AppGroupName <String>]
[<CommonParameters>]
Get-RdsRoleAssignment
[-GroupObjectId <String>]
[-TenantGroupName <String>]
[-TenantName <String>]
[-HostPoolName <String>]
[-AppGroupName <String>]
[<CommonParameters>]
Description
The Get-RdsRoleAssignment cmdlet lists all role assignments at the defined scope. Without any parameters, this command returns all the role assignments starting at the highest scope authorized to the current user. To define the scope, you can use a combination of the following parameters:
- TenantGroupName
- TenantName
- HostPoolName
- AppGroupName
This list can be also be filtered by specifying the principal of the role assignment. To specify the principal, you can use one of the following parameters:
- SignInName
- ServicePrincipalName
- GroupObjectId
Examples
Example 1: List all role assignments
PS C:\> Get-RdsRoleAssignment
RoleAssignmentId : cccc-cccc-cccc-cccc-cccc
Scope : /Default Tenant Group/contoso/contosoHostPool/Desktop Application Group
TenantGroupName : Default Tenant Group
TenantName : contoso
HostPoolName : contosoHostPool
AppGroupName : Desktop Application Group
DisplayName : admin
SignInName : admin@contoso.com
GroupObjectId : aaaa-aaaa-aaaa-aaaa-aaaa
AADTenantId : xxxx-xxxx-xxxx-xxxx-xxxx
AppId : yyyy-yyyy-yyyy-yyyy-yyyy
RoleDefinitionName : RDS Owner
RoleDefinitionId : 3b14baea-8d82-4610-f5da-08d623dd1cc4
ObjectId : bbbb-bbbb-bbbb-bbbb-bbbb
ObjectType : User
Item :
RoleAssignmentId : cccc-cccc-cccc-cccc-cccc
Scope : /Default Tenant Group/contoso
TenantGroupName : Default Tenant Group
TenantName : contoso
HostPoolName :
AppGroupName :
DisplayName :
SignInName :
GroupObjectId : 0000-0000-0000-0000-0000
AADTenantId : 0000-0000-0000-0000-0000
AppId : yyyy-yyyy-yyyy-yyyy-yyyy
RoleDefinitionName : RDS Reader
RoleDefinitionId : 3b14baea-8d82-4610-f5da-08d623dd1cc4
ObjectId : bbbb-bbbb-bbbb-bbbb-bbbb
ObjectType : ServicePrincipal
Item :
This command gets all role assignments in the current context, starting at the highest scope authorized for the current user.
Example 2: List role assignments for a user
PS C:\> Get-RdsRoleAssignment -SignInName "admin@contoso.com"
RoleAssignmentId : cccc-cccc-cccc-cccc-cccc
Scope : /contosoTenantGroup/contosoA/contosoAHostPool/Desktop Application Group
TenantGroupName : contosoTenantGroup
TenantName : contosoA
HostPoolName : contosoAHostPool
AppGroupName : Desktop Application Group
DisplayName : admin
SignInName : admin@contoso.com
GroupObjectId : aaaa-aaaa-aaaa-aaaa-aaaa
AADTenantId : 0000-0000-0000-0000-0000
AppId : yyyy-yyyy-yyyy-yyyy-yyyy
RoleDefinitionName : RDS Owner
RoleDefinitionId : 3b14baea-8d82-4610-f5da-08d623dd1cc4
ObjectId : bbbb-bbbb-bbbb-bbbb-bbbb
ObjectType : User
Item :
RoleAssignmentId : cccc-cccc-cccc-cccc-cccc
Scope : /contosoTenantGroup/contosoB/contosoBHostPool/Desktop Application Group
TenantGroupName : contosoTenantGroup
TenantName : contosoB
HostPoolName : contosoBHostPool
AppGroupName : Desktop Application Group
DisplayName : admin
SignInName : admin@contoso.com
GroupObjectId : aaaa-aaaa-aaaa-aaaa-aaaa
AADTenantId : 0000-0000-0000-0000-0000
AppId : yyyy-yyyy-yyyy-yyyy-yyyy
RoleDefinitionName : RDS Reader
RoleDefinitionId : 2ea11dc0-46e3-4ee8-f5db-08d623dd1cc4
ObjectId : bbbb-bbbb-bbbb-bbbb-bbbb
ObjectType : User
Item :
This command gets all role assignments for the specified user in the current context.
Example 3: List role assignments for a service principal
PS C:\> Get-RdsRoleAssignment -ServicePrincipalName "yyyy-yyyy-yyyy-yyyy-yyyy"
RoleAssignmentId : cccc-cccc-cccc-cccc-cccc
Scope : /contosoTenantGroup/contosoA/contosoAHostPool
TenantGroupName : contosoTenantGroup
TenantName : contosoA
HostPoolName : contosoAHostPool
AppGroupName :
DisplayName :
SignInName :
GroupObjectId : 0000-0000-0000-0000-0000
AADTenantId : 0000-0000-0000-0000-0000
AppId : yyyy-yyyy-yyyy-yyyy-yyyy
RoleDefinitionName : RDS Reader
RoleDefinitionId : 2ea11dc0-46e3-4ee8-f5db-08d623dd1cc4
ObjectId : bbbb-bbbb-bbbb-bbbb-bbbb
ObjectType : ServicePrincipal
Item :
RoleAssignmentId : cccc-cccc-cccc-cccc-cccc
Scope : /contosoTenantGroup/contosoB/contosoBHostPool/Desktop Application Group
TenantGroupName : contosoTenantGroup
TenantName : contosoB
HostPoolName : contosoBHostPool
AppGroupName : Desktop Application Group
DisplayName :
SignInName :
GroupObjectId : 0000-0000-0000-0000-0000
AADTenantId : 0000-0000-0000-0000-0000
AppId : yyyy-yyyy-yyyy-yyyy-yyyy
RoleDefinitionName : RDS Owner
RoleDefinitionId : 3b14baea-8d82-4610-f5da-08d623dd1cc4
ObjectId : bbbb-bbbb-bbbb-bbbb-bbbb
ObjectType : ServicePrincipal
Item :
This command gets all role assignments for the specified service principal in the current context. You must provide the application ID of the service principal as the value of the parameter.
Example 4: List role assignments for an Azure AD group
PS C:\> Get-RdsRoleAssignment -GroupObjectId "aaaa-aaaa-aaaa-aaaa-aaaa"
RoleAssignmentId : cccc-cccc-cccc-cccc-cccc
Scope : /contosoTenantGroup/contosoA
TenantGroupName : contosoTenantGroup
TenantName : contosoA
HostPoolName :
AppGroupName :
DisplayName :
SignInName :
GroupObjectId : aaaa-aaaa-aaaa-aaaa-aaaa
AADTenantId : dddd-dddd-dddd-dddd-dddd
AppId :
RoleDefinitionName : RDS Operator
RoleDefinitionId : 827a079d-aa89-4d0d-f5dd-08d623dd1cc4
ObjectId : bbbb-bbbb-bbbb-bbbb-bbbb
ObjectType : Group
Item :
RoleAssignmentId : cccc-cccc-cccc-cccc-cccc
Scope : /contosoTenantGroup/contosoB/contosoBHostPool/Desktop Application Group
TenantGroupName : contosoTenantGroup
TenantName : contosoB
HostPoolName : ontosoBHostPool
AppGroupName : Desktop Application Group
DisplayName :
SignInName :
GroupObjectId : aaaa-aaaa-aaaa-aaaa-aaaa
AADTenantId : dddd-dddd-dddd-dddd-dddd
AppId :
RoleDefinitionName : RDS Owner
RoleDefinitionId : 3b14baea-8d82-4610-f5da-08d623dd1cc4
ObjectId : bbbb-bbbb-bbbb-bbbb-bbbb
ObjectType : Group
Item :
This command gets all role assignments for the specified Azure AD group in the current context.
Parameters
-AppGroupName
The name of the app group.
Type: | String |
Position: | Named |
Default value: | None |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Deployment
A scope specific to Windows Virtual Desktop.
Type: | Switch |
Position: | Named |
Default value: | None |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-GroupObjectId
The object ID of the Azure AD group to filter for role assignments.
Type: | String |
Aliases: | UserGroupObjectId |
Position: | Named |
Default value: | None |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-HostPoolName
The name of the host pool.
Type: | String |
Position: | Named |
Default value: | None |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ServicePrincipalName
The application ID of the service principal to filter for role assignments.
Type: | String |
Aliases: | SPN, ApplicationId |
Position: | Named |
Default value: | None |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-SignInName
The user principal name (UPN) of the user to filter for role assignments.
Type: | String |
Aliases: | Email, UserPrincipalName |
Position: | Named |
Default value: | None |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-TenantGroupName
The name of the tenant group.
Type: | String |
Position: | Named |
Default value: | None |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-TenantName
The name of the tenant.
Type: | String |
Position: | Named |
Default value: | None |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Inputs
System.String
Outputs
System.Object