Enable-EntraDirectoryRole
Activates an existing directory role in Microsoft Entra ID.
Syntax
Enable-EntraDirectoryRole
    [-RoleTemplateId <String>]
    [<CommonParameters>]
Description
The Enable-EntraDirectoryRole cmdlet activates an existing directory role in Microsoft Entra ID.
The Company Administrators and the default user directory roles (User, Guest User, and Restricted Guest User) are activated by default. To access and assign members to other directory roles, you must first activate them using their corresponding directory role template ID.
In delegated scenarios, the signed-in user must have either a supported Microsoft Entra role or a custom role with the necessary permissions. The minimum roles required for this operation are:
- Privileged Role Administrator
Examples
Example 1: Enable a directory role
Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory'
$guestRole = Get-EntraDirectoryRoleTemplate | Where-Object {$_.DisplayName -eq 'Guest Inviter'}
Enable-EntraDirectoryRole -RoleTemplateId $guestRole.Id
DeletedDateTime Id                                   Description                                     DisplayName   RoleTemplateId
--------------- --                                   -----------                                     -----------   --------------
                b5baa59b-86ab-4053-ac3a-0396116d1924 Guest Inviter has access to invite guest users. Guest Inviter 92ed04bf-c94a-4b82-9729-b799a7a4c178
This example shows how to enable a directory role. You can use Get-EntraDirectoryRoleTemplate to fetch the specific directory role template to activate.
The -RoleTemplateId parameter specifies the ID of the role template to enable.
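An added example, not part of the original reference: a wrapper that activates a role only when it is not already active and refuses to act unless the display name resolves to exactly one template. The function name Enable-DirectoryRoleIfNeeded and the Status property are hypothetical; the code assumes the Microsoft.Entra module and a tenant where the signed-in user holds Privileged Role Administrator.

```powershell
# Added example (not from the original reference page).
# Enable-DirectoryRoleIfNeeded and the Status property are hypothetical names.
function Enable-DirectoryRoleIfNeeded {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string] $DisplayName
    )

    # Match the full display name and require exactly one template, so a typo
    # or a partial name never activates a different role than intended.
    $template = @(Get-EntraDirectoryRoleTemplate |
        Where-Object { $_.DisplayName -eq $DisplayName })
    if ($template.Count -ne 1) {
        throw "Expected exactly one role template named '$DisplayName', found $($template.Count)."
    }

    # Get-EntraDirectoryRole lists only roles that are already activated.
    $role = Get-EntraDirectoryRole |
        Where-Object { $_.RoleTemplateId -eq $template[0].Id }
    $status = 'AlreadyActive'

    if (-not $role) {
        # -WhatIf stops here: nothing is changed in the tenant.
        if (-not $PSCmdlet.ShouldProcess($DisplayName, 'Activate directory role')) {
            return
        }
        $role = Enable-EntraDirectoryRole -RoleTemplateId $template[0].Id
        $status = 'Activated'
    }

    # Return a small record that can be logged for change tracking.
    [pscustomobject]@{
        Status          = $status
        DisplayName     = $role.DisplayName
        DirectoryRoleId = $role.Id
        RoleTemplateId  = $role.RoleTemplateId
    }
}

Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory'
Enable-DirectoryRoleIfNeeded -DisplayName 'Guest Inviter' -WhatIf   # preview only
Enable-DirectoryRoleIfNeeded -DisplayName 'Guest Inviter'
```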
Parameters
-RoleTemplateId
The ID of the role template to enable.
Type: System.String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
Notes
- For additional details, see Activate directoryRole.