Forum Discussion
Olivier_Lumeau
Jan 16, 2025, Brass Contributor
List eligible roles with PowerShell
Hi guys, does someone know of or have a script (or something else, like CLI commands) to list all eligible roles in Azure?
And, finally, list these eligible roles for a specific user, to be able to assign them to another user that must have the same profile with the same rights?
Thanks in advance.
- kyazaferr, Steel Contributor
az ad user show --id <userUPN> --query "assignedRoles"
az ad role list --query "[].{RoleName:displayName, RoleId:id}" --output table
- kyazaferr, Steel Contributor
  # List the directory role definitions in the tenant
  Get-AzureADMSRoleDefinition | Select DisplayName, Id, IsEnabled

  # Connect to Azure AD
  Connect-AzureAD

  # List all app roles assigned to a specific user
  # (Get-AzureADUserAppRoleAssignment returns application role assignments; its Id property is the app role id
  #  and ResourceId is the service principal the role belongs to)
  $userId = "<UserObjectId>" # Replace with the User Object ID
  Get-AzureADUserAppRoleAssignment -ObjectId $userId | Select-Object ResourceDisplayName, ResourceId, Id

  # Get the list of app roles assigned to the original user
  $originalUserId = "<OriginalUserObjectId>" # Replace with the Original User Object ID
  $newUserId = "<NewUserObjectId>" # Replace with the New User Object ID
  $roles = Get-AzureADUserAppRoleAssignment -ObjectId $originalUserId

  # Loop through each role and assign it to the new user
  # (New-AzureADUserAppRoleAssignment takes the app role id as -Id and the assignee as -PrincipalId)
  foreach ($role in $roles) {
      New-AzureADUserAppRoleAssignment -ObjectId $newUserId -PrincipalId $newUserId -ResourceId $role.ResourceId -Id $role.Id
  }
- kyazaferr, Steel Contributor
  # Connect to Azure AD (Get-AzureADMSPrivilegedRoleSetting comes from the AzureADPreview module)
  Connect-AzureAD

  # List the PIM role settings for the tenant's Azure AD directory roles (one entry per role definition)
  $tenantId = "<TenantId>" # Replace with the tenant (directory) ID
  Get-AzureADMSPrivilegedRoleSetting -ProviderId "aadRoles" -Filter "ResourceId eq '$tenantId'" | Select-Object Id, ResourceId, RoleDefinitionId, IsDefault
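For the original question (list every PIM-eligible directory role in the tenant, then list one user's eligible roles and give the same ones to another user), the following is an added example written for this page, not code from the thread or from Microsoft. It uses the Microsoft Graph PowerShell SDK, which replaces the deprecated AzureAD and AzureADPreview modules used in the answers above. The two user principal names are placeholders, and it assumes the caller holds a role that may read and create eligibility schedules (for example Privileged Role Administrator) and that the tenant's PIM role settings allow the expiry being requested.

```powershell
# Added example (not from the thread): list PIM-eligible Entra ID directory roles with the
# Microsoft Graph PowerShell SDK and mirror one user's direct eligibilities onto another user.
# Assumptions: Microsoft.Graph module installed; caller can read/write eligibility schedules;
# the UPNs at the bottom are placeholders.

Connect-MgGraph -Scopes "RoleEligibilitySchedule.ReadWrite.Directory", "RoleManagement.Read.Directory", "User.Read.All"

# Map roleDefinitionId -> display name once so the report is readable.
$roleName = @{}
Get-MgRoleManagementDirectoryRoleDefinition -All | ForEach-Object { $roleName[$_.Id] = $_.DisplayName }

function Get-EligibleDirectoryRoles {
    # Every eligible (not active) directory role schedule in the tenant,
    # or only those of one principal when -PrincipalId is given.
    param([string]$PrincipalId)
    $p = @{ All = $true; ExpandProperty = 'Principal' }
    if ($PrincipalId) { $p.Filter = "principalId eq '$PrincipalId'" }
    Get-MgRoleManagementDirectoryRoleEligibilitySchedule @p | ForEach-Object {
        [pscustomobject]@{
            Role             = $roleName[$_.RoleDefinitionId]
            RoleDefinitionId = $_.RoleDefinitionId
            Principal        = $_.Principal.AdditionalProperties['displayName']
            PrincipalId      = $_.PrincipalId
            Scope            = $_.DirectoryScopeId   # '/' is tenant-wide; otherwise an admin unit or app scope
            MemberType       = $_.MemberType         # 'Direct' or 'Group'
            Expires          = $_.ScheduleInfo.Expiration.EndDateTime
        }
    }
}

function Copy-EligibleDirectoryRoles {
    # Requests, for the target user, each direct eligibility the source holds and the target
    # does not already hold at the same scope. Group-derived eligibilities are reported and
    # skipped: add the target to that group instead of assigning the role directly.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SourceUpn,
        [Parameter(Mandatory)][string]$TargetUpn
    )
    $src  = Get-MgUser -UserId $SourceUpn
    $dst  = Get-MgUser -UserId $TargetUpn
    $have = Get-EligibleDirectoryRoles -PrincipalId $dst.Id

    foreach ($e in (Get-EligibleDirectoryRoles -PrincipalId $src.Id)) {
        if ($e.MemberType -ne 'Direct') {
            Write-Warning "$($e.Role) comes via a group; add $TargetUpn to that group instead."
            continue
        }
        if ($have | Where-Object { $_.RoleDefinitionId -eq $e.RoleDefinitionId -and $_.Scope -eq $e.Scope }) {
            Write-Verbose "$TargetUpn is already eligible for $($e.Role) at $($e.Scope)"
            continue
        }
        # Mirror the source's expiry. PIM role settings may reject 'noExpiration' for some roles.
        if ($e.Expires) { $expiration = @{ Type = 'afterDateTime'; EndDateTime = $e.Expires } } else { $expiration = @{ Type = 'noExpiration' } }
        $body = @{
            Action           = 'adminAssign'
            Justification    = "Mirror eligible roles of $SourceUpn"
            RoleDefinitionId = $e.RoleDefinitionId
            DirectoryScopeId = $e.Scope
            PrincipalId      = $dst.Id
            ScheduleInfo     = @{ StartDateTime = (Get-Date).ToUniversalTime(); Expiration = $expiration }
        }
        if ($PSCmdlet.ShouldProcess($TargetUpn, "Make eligible for $($e.Role) at $($e.Scope)")) {
            New-MgRoleManagementDirectoryRoleEligibilityScheduleRequest -BodyParameter $body
        }
    }
}

# Usage (placeholder UPNs). Run with -WhatIf first to review what would be granted.
Get-EligibleDirectoryRoles | Sort-Object Role, Principal | Format-Table -AutoSize
Copy-EligibleDirectoryRoles -SourceUpn 'alice@contoso.example' -TargetUpn 'bob@contoso.example' -WhatIf
```

Two points worth keeping in mind when using this pattern. Eligibility is not the same as an active assignment, so the report above will not show roles a user holds permanently; those are listed by Get-MgRoleManagementDirectoryRoleAssignmentSchedule. And copying another user's eligibilities replicates their privilege wholesale, so review the -WhatIf output against what the new user actually needs rather than cloning the full set by default.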