Remove-EntraDirectoryRoleMember

Removes a member of a directory role.

Syntax

Remove-EntraDirectoryRoleMember
      -DirectoryRoleId <String>
      -MemberId <String>
      [<CommonParameters>]

Description

The Remove-EntraDirectoryRoleMember cmdlet removes a member from a directory role in Microsoft Entra ID.

In delegated scenarios, the signed-in user must have either a supported Microsoft Entra role or a custom role with the necessary permissions. The minimum roles required for this operation are:

  • Privileged Role Administrator

Examples

Example 1: Remove a member from a directory role

Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory'
$directoryRole = Get-EntraDirectoryRole -Filter "displayName eq 'Helpdesk Administrator'"
$member = Get-EntraDirectoryRoleMember -DirectoryRoleId $directoryRole.Id | Select-Object Id, DisplayName, '@odata.type' | Where-Object {$_.DisplayName -eq 'Sawyer Miller'}
Remove-EntraDirectoryRoleMember -DirectoryRoleId $directoryRole.Id -MemberId $member.Id

This example removes the specified member from the specified role.

  • -DirectoryRoleId - specifies the unique identifier (ObjectId) of the directory role from which the member will be removed.

  • -MemberId - specifies the unique identifier (MemberId) of the member (user, group, or service principal) that is to be removed from the specified directory role.
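
Example 1 selects the member by display name, which is not guaranteed to be unique. The following is an added example, not part of the original documentation: a wrapper that refuses to act unless the role and the member each resolve to exactly one object, supports -WhatIf/-Confirm, and re-reads the role membership afterwards. The function name Remove-RoleMemberChecked and its parameters are hypothetical; only the Entra cmdlets shown on this page are called.

```powershell
# Hypothetical wrapper (not part of the Microsoft.Entra module): removes one member
# from one directory role and refuses to act on ambiguous or empty lookups.
function Remove-RoleMemberChecked {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $RoleDisplayName,
        [Parameter(Mandatory)] [string] $MemberDisplayName
    )

    # Double any single quote so the name cannot break out of the filter string.
    $safeName = $RoleDisplayName.Replace("'", "''")
    $role = @(Get-EntraDirectoryRole -Filter "displayName eq '$safeName'")
    if ($role.Count -ne 1) {
        throw "Expected exactly one role named '$RoleDisplayName', found $($role.Count)."
    }

    # Display names are not unique, so require exactly one matching member.
    $member = @(Get-EntraDirectoryRoleMember -DirectoryRoleId $role[0].Id |
        Where-Object { $_.DisplayName -eq $MemberDisplayName })
    if ($member.Count -ne 1) {
        throw "Expected exactly one member named '$MemberDisplayName', found $($member.Count)."
    }

    $target = "$($member[0].DisplayName) [$($member[0].Id)] in role '$RoleDisplayName'"
    if ($PSCmdlet.ShouldProcess($target, 'Remove directory role member')) {
        Remove-EntraDirectoryRoleMember -DirectoryRoleId $role[0].Id -MemberId $member[0].Id

        # Verify by object ID: the member should no longer be listed in the role.
        $stillThere = @(Get-EntraDirectoryRoleMember -DirectoryRoleId $role[0].Id |
            Where-Object { $_.Id -eq $member[0].Id })
        if ($stillThere.Count -gt 0) {
            Write-Warning "Member $($member[0].Id) is still listed in '$RoleDisplayName'."
        }

        # Emit a record of the change for the operator's log.
        [pscustomobject]@{
            RoleId   = $role[0].Id
            MemberId = $member[0].Id
            Removed  = ($stillThere.Count -eq 0)
        }
    }
}

Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory'
# -WhatIf is handled by the wrapper: this call only reports what would be removed.
Remove-RoleMemberChecked -RoleDisplayName 'Helpdesk Administrator' -MemberDisplayName 'Sawyer Miller' -WhatIf
```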

Parameters

-DirectoryRoleId

Specifies the object ID of a directory role in Microsoft Entra ID.

Type: System.String
Aliases: ObjectId
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False

-MemberId

Specifies the object ID of a role member.

Type: System.String
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False