Enable-EntraDirectoryRole

Activates an existing directory role in Microsoft Entra ID.

Syntax

Enable-EntraDirectoryRole
      [-RoleTemplateId <String>]
      [<CommonParameters>]

Description

The Enable-EntraDirectoryRole cmdlet activates an existing directory role in Microsoft Entra ID.

The Company Administrators and the default user directory roles (User, Guest User, and Restricted Guest User) are activated by default. To access and assign members to other directory roles, you must first activate them using their corresponding directory role template ID.

Examples

Example 1: Enable a directory role

Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory'
$InviterRole = Get-EntraDirectoryRoleTemplate | Where-Object {$_.DisplayName -eq 'Guest Inviter'}
Enable-EntraDirectoryRole -RoleTemplateId $InviterRole.ObjectId

DeletedDateTime Id                                   Description                                      DisplayName   RoleTemplateId
--------------- --                                   -----------                                      -----------   --------------
                b5baa59b-86ab-4053-ac3a-0396116d1924 Guest Inviter has access to invite guest users.  Guest Inviter 92ed04bf-c94a-4b82-9729-b799a7a4c178

The example shows how to enable the directory role.

You can use Get-EntraDirectoryRoleTemplate to fetch a specific directory role to activate.

  • RoleTemplateId parameter specifies the ID of the role template to enable.

Parameters

-RoleTemplateId

The ID of the Role template to enable.

Type:System.String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Notes