Forum Discussion
Not able to get app roles assigned to groups
Hi everyone,
I'm trying to get the app roles assigned to a certain group but I'm only able to get the ObjectId, ResourceDisplayName and PrincipalDisplayName and not the actual role assigned. I'm using the following command 'Get-AzureADGroupAppRoleAssignment -ObjectId'. Does anyone know how I can get the actual roles assigned?
2 Replies
- TomerN Copper Contributor
Hi,
You can do it with the Graph API, but from PowerShell, using cmdlets and without querying the API yourself, you can do the following:
You can use the Microsoft.Graph PowerShell module to get the roles assigned to a group, using this function:

```powershell
# Replace with your group ID or objectId
$GroupId = "<your-group-object-id>"

# Get all role assignments
$assignments = Get-MgRoleManagementDirectoryRoleAssignment -Filter "principalId eq '$GroupId'"

# Get readable role names
foreach ($assignment in $assignments) {
    $roleDef = Get-MgRoleManagementDirectoryRoleDefinition -RoleDefinitionId $assignment.RoleDefinitionId
    Write-Output "Role: $($roleDef.DisplayName) - Scope: $($assignment.DirectoryScopeId)"
}
```

Don't forget to connect first using Connect-MgGraph.
If you don't have the module, you can easily download it using Install-Module Microsoft.Graph.
- bbmm-i Copper Contributor
Hi TimonBosch, did you find a solution? I ran into the same problem.
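
Added example, not part of the original thread or any poster's code: one way to resolve the role name behind each app role assignment of a group, by looking up the assignment's AppRoleId in the AppRoles of the resource service principal. It assumes the Microsoft.Graph module is installed and that Directory.Read.All can be consented to; `Resolve-GroupAppRole` is a hypothetical helper name.

```powershell
# Assumption: the signed-in account can consent to Directory.Read.All.
Connect-MgGraph -Scopes "Directory.Read.All" | Out-Null

# An all-zero AppRoleId means the group was assigned without a specific role.
$DefaultAccessId = [guid]::Empty.ToString()

function Resolve-GroupAppRole {   # hypothetical helper, not a Graph cmdlet
    param([Parameter(Mandatory)][string]$GroupId)

    $spCache = @{}   # one service principal lookup per application
    foreach ($a in Get-MgGroupAppRoleAssignment -GroupId $GroupId -All) {
        if (-not $spCache.ContainsKey($a.ResourceId)) {
            $spCache[$a.ResourceId] = Get-MgServicePrincipal `
                -ServicePrincipalId $a.ResourceId `
                -Property "id,displayName,appRoles"
        }
        $sp = $spCache[$a.ResourceId]

        # Compare ids as strings so the match works whether the SDK
        # returns them as strings or as GUID objects.
        $role = $sp.AppRoles | Where-Object { "$($_.Id)" -eq "$($a.AppRoleId)" }

        $roleName = if ("$($a.AppRoleId)" -eq $DefaultAccessId) {
            "Default Access"
        } elseif ($role) {
            $role.DisplayName
        } else {
            "<role id not defined on the service principal>"
        }

        [pscustomobject]@{
            Group       = $a.PrincipalDisplayName
            Application = $a.ResourceDisplayName
            RoleName    = $roleName
            RoleValue   = $role.Value      # value emitted in the roles claim
            AppRoleId   = $a.AppRoleId
            AssignedOn  = $a.CreatedDateTime
        }
    }
}

# Placeholder id; replace with the group's object id.
Resolve-GroupAppRole -GroupId "<your-group-object-id>" | Format-Table -AutoSize
```

Rows showing "Default Access" are assignments made to applications that define no app roles, or where no specific role was chosen at assignment time.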