Get-EntraUserRole
Retrieves the list of directory roles assigned to a user.
Syntax
Get-EntraUserRole
-UserId <String>
[-All]
[-Filter <String>]
[-Top <Int32>]
[-Property <String[]>]
[-Sort <String[]>]
[<CommonParameters>]
Get-EntraUserRole
-UserId <String>
-DirectoryRoleId <String>
[-Property <String[]>]
[<CommonParameters>]
Description
The Get-EntraUserRole cmdlet retrieves the list of directory roles assigned to a specific user.
Examples
Example 1: Get list of directory roles assigned to a specific user
Connect-Entra -Scopes 'Directory.Read.All'
Get-EntraUserRole -UserId 'SawyerM@contoso.com'
DeletedDateTime Id                                   DisplayName               RoleTemplateId
--------------- --                                   -----------               --------------
                bbbbbbbb-1111-2222-3333-ccccccccccc  Helpdesk Administrator    729827e3-9c14-49f7-bb1b-9608f156bbb8
                dddddddd-3333-4444-5555-eeeeeeeeeeee Directory Readers         88d8e3e3-8f55-4a1e-953a-9b9898b8876b
                cccccccc-2222-3333-4444-dddddddddddd Application Administrator 9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3
                aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Guest Inviter             95e79109-95c0-4d8e-aee3-d01accf2d47b
This cmdlet retrieves the list of directory roles for a specific user.
Example 2: Get directory roles for a specific user using All parameter
Connect-Entra -Scopes 'Directory.Read.All'
Get-EntraUserRole -UserId 'SawyerM@contoso.com' -All
DeletedDateTime Id                                   DisplayName               RoleTemplateId
--------------- --                                   -----------               --------------
                bbbbbbbb-1111-2222-3333-ccccccccccc  Helpdesk Administrator    729827e3-9c14-49f7-bb1b-9608f156bbb8
                dddddddd-3333-4444-5555-eeeeeeeeeeee Directory Readers         88d8e3e3-8f55-4a1e-953a-9b9898b8876b
                cccccccc-2222-3333-4444-dddddddddddd Application Administrator 9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3
                aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Guest Inviter             95e79109-95c0-4d8e-aee3-d01accf2d47b
This cmdlet retrieves the directory roles for a specific user by using the All parameter.
Example 3: Get top two directory roles for a specific user
Connect-Entra -Scopes 'Directory.Read.All'
Get-EntraUserRole -UserId 'SawyerM@contoso.com' -Top 2
DeletedDateTime Id                                   DisplayName               RoleTemplateId
--------------- --                                   -----------               --------------
                bbbbbbbb-1111-2222-3333-ccccccccccc  Helpdesk Administrator    729827e3-9c14-49f7-bb1b-9608f156bbb8
                dddddddd-3333-4444-5555-eeeeeeeeeeee Directory Readers         88d8e3e3-8f55-4a1e-953a-9b9898b8876b
This cmdlet retrieves the top two directory roles for a specific user.
Example 4: Get assigned directory roles for a specific user by DirectoryRoleId
Connect-Entra -Scopes 'Directory.Read.All'
$role = Get-EntraDirectoryRole -Filter "displayName eq 'Helpdesk Administrator'"
Get-EntraUserRole -UserId 'SawyerM@contoso.com' -DirectoryRoleId $role.Id
DeletedDateTime Id                                   DisplayName               RoleTemplateId
--------------- --                                   -----------               --------------
                bbbbbbbb-1111-2222-3333-ccccccccccc  Helpdesk Administrator    729827e3-9c14-49f7-bb1b-9608f156bbb8
This cmdlet retrieves the directory roles for a specific user by using the DirectoryRoleId parameter. The -DirectoryRoleId parameter specifies the directory role ID.
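Added example (not part of the original reference): a role review that calls Get-EntraUserRole for each user in a list and reports only the assignments whose RoleTemplateId is on a watch list. The template IDs are the ones shown in the sample output above; the choice of which roles to watch, the second user principal name, and the variable names are assumptions made for illustration.

```powershell
# Added example: report watched directory role assignments for a set of users.
Connect-Entra -Scopes 'Directory.Read.All'

# Role template IDs copied from the sample output on this page.
# Treating these two roles as the ones to watch is an assumption of this example.
$watchedRoles = @{
    '729827e3-9c14-49f7-bb1b-9608f156bbb8' = 'Helpdesk Administrator'
    '9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3' = 'Application Administrator'
}

# Constructed input: user principal names to review.
$usersToReview = @('SawyerM@contoso.com', 'AdeleV@contoso.com')

$findings = foreach ($upn in $usersToReview) {
    try {
        # -All pages through every role returned for the user.
        $roles = Get-EntraUserRole -UserId $upn -All -ErrorAction Stop
    }
    catch {
        # A failed lookup (unknown user, missing scope) is reported, not silently skipped.
        Write-Warning "Could not read roles for ${upn}: $($_.Exception.Message)"
        continue
    }

    foreach ($role in $roles) {
        # Match on RoleTemplateId rather than DisplayName: the template ID is the
        # stable identifier in the output columns shown above.
        if ($watchedRoles.ContainsKey([string]$role.RoleTemplateId)) {
            [pscustomobject]@{
                UserId          = $upn
                Role            = $role.DisplayName
                RoleTemplateId  = $role.RoleTemplateId
                DirectoryRoleId = $role.Id
            }
        }
    }
}

if ($findings) {
    $findings | Sort-Object Role, UserId | Format-Table -AutoSize
}
else {
    Write-Output 'No watched role assignments found for the reviewed users.'
}
```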
Parameters
-All
List all pages.
Type: | System.Management.Automation.SwitchParameter |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DirectoryRoleId
The unique ID of the directory role.
Type: | System.String |
Aliases: | DirectoryRoleObjectId |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Property
Specifies properties to be returned.
Type: | System.String[] |
Aliases: | Select |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Top
Specifies the maximum number of directory roles to return for the specified user.
Type: | System.Int32 |
Aliases: | Limit |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Outputs
System.Object