Add-EntraDirectoryRoleMember

Adds a member to a directory role.

Syntax

Add-EntraDirectoryRoleMember
   -DirectoryRoleId <String>
   -RefObjectId <String>
   [<CommonParameters>]

Description

The Add-EntraDirectoryRoleMember cmdlet adds a member to a Microsoft Entra ID role.

In delegated scenarios, the signed-in user must have either a supported Microsoft Entra role or a custom role with the necessary permissions. The minimum roles required for this operation are:

  • Privileged Role Administrator

Examples

Example 1: Add a member to a Microsoft Entra ID role

Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory'
$directoryRole = Get-EntraDirectoryRole -Filter "DisplayName eq 'Helpdesk Administrator'"
$user = Get-EntraUser -UserId 'SawyerM@Contoso.com'
Add-EntraDirectoryRoleMember -DirectoryRoleId $directoryRole.Id -RefObjectId $user.Id

This example adds a member to a directory role.

  • The DirectoryRoleId parameter specifies the ID of the directory role to which the member is added. Use the Get-EntraDirectoryRole command to retrieve the details of the directory role.
  • The RefObjectId parameter specifies the ID of the Microsoft Entra ID object to assign as owner/manager/member.
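
A guarded variant of Example 1, added here as an illustration; it is not part of the original page or of the Microsoft.Entra module. The function name Add-RoleMemberChecked and its parameters are hypothetical, and the code assumes the module's Get-EntraDirectoryRoleMember cmdlet is available in the session. It refuses ambiguous role matches, skips the write when the user already holds the role, and honors -WhatIf and -Confirm.

```powershell
# Added example: hypothetical helper, not a cmdlet shipped by Microsoft.
function Add-RoleMemberChecked {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $RoleDisplayName,
        [Parameter(Mandatory)] [string] $UserId
    )

    # Escape single quotes so the display name cannot break out of the OData filter.
    $escaped = $RoleDisplayName.Replace("'", "''")
    $roles = @(Get-EntraDirectoryRole -Filter "DisplayName eq '$escaped'")
    if ($roles.Count -ne 1) {
        throw "Expected exactly one directory role named '$RoleDisplayName', found $($roles.Count)."
    }
    $role = $roles[0]

    # Fail early if the user cannot be resolved, instead of passing an empty ID on.
    $user = Get-EntraUser -UserId $UserId -ErrorAction Stop

    # Read current membership so a repeated run does not attempt a duplicate add.
    $memberIds = @(Get-EntraDirectoryRoleMember -DirectoryRoleId $role.Id |
        ForEach-Object { $_.Id })
    $changed = $false

    if ($memberIds -contains $user.Id) {
        Write-Verbose "$UserId already holds '$($role.DisplayName)'; nothing to do."
    }
    elseif ($PSCmdlet.ShouldProcess($UserId, "Add to directory role '$($role.DisplayName)'")) {
        Add-EntraDirectoryRoleMember -DirectoryRoleId $role.Id -RefObjectId $user.Id -ErrorAction Stop
        $changed = $true
    }

    # Emit a record that can be kept in a change log.
    [pscustomobject]@{
        Role      = $role.DisplayName
        RoleId    = $role.Id
        MemberId  = $user.Id
        Changed   = $changed
        Timestamp = (Get-Date).ToUniversalTime().ToString('o')
    }
}

Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory'

# Dry run first: reports the intended assignment without changing the directory.
Add-RoleMemberChecked -RoleDisplayName 'Helpdesk Administrator' -UserId 'SawyerM@Contoso.com' -WhatIf
```

Remove -WhatIf to perform the assignment; because ConfirmImpact is High, PowerShell prompts for confirmation unless -Confirm:$false is passed.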

Parameters

-DirectoryRoleId

Specifies the ID of a directory role in Microsoft Entra ID.

Type: System.String
Aliases: ObjectId
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False

-RefObjectId

Specifies the ID of the Microsoft Entra ID object to assign as owner/manager/member.

Type: System.String
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False