Forum Discussion

Brass Contributor

Jan 16, 2025

List eligible roles with PowerShell

Hi guys, does someone knows or has a script (or other thing like CLI commands or others) to List all eligible roles in Azure. And, finally, list these eligible roles from a specific user to be ab...

kyazaferr

MCT

Jan 16, 2025

Get-AzureADMSRoleDefinition | Select DisplayName, Id, IsEnabled

# Connect to Azure AD
Connect-AzureAD

# List all roles assigned to a specific user
$userId = "<UserObjectId>" # Replace with the User Object ID
Get-AzureADUserAppRoleAssignment -ObjectId $userId | Select-Object ResourceDisplayName, AppRoleId, Id

# Get the list of roles assigned to the original user
$originalUserId = "<OriginalUserObjectId>" # Replace with the Original User Object ID
$newUserId = "<NewUserObjectId>" # Replace with the New User Object ID

$roles = Get-AzureADUserAppRoleAssignment -ObjectId $originalUserId

# Loop through each role and assign it to the new user
foreach ($role in $roles) {
New-AzureADUserAppRoleAssignment -ObjectId $newUserId -ResourceId $role.ResourceId -AppRoleId $role.AppRoleId
}