Enable-EntraDirectoryRole
Activates an existing directory role in Microsoft Entra ID.
Syntax
Enable-EntraDirectoryRole
[-RoleTemplateId <String>]
[<CommonParameters>]
Description
The Enable-EntraDirectoryRole
cmdlet activates an existing directory role in Microsoft Entra ID.
The Company Administrators and the default user directory roles (User, Guest User, and Restricted Guest User) are activated by default. To access and assign members to other directory roles, you must first activate them using their corresponding directory role template ID.
Examples
Example 1: Enable a directory role
Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory'
$InviterRole = Get-EntraDirectoryRoleTemplate | Where-Object {$_.DisplayName -eq 'Guest Inviter'}
Enable-EntraDirectoryRole -RoleTemplateId $InviterRole.ObjectId
DeletedDateTime Id Description DisplayName RoleTemplateId
--------------- -- ----------- ----------- --------------
b5baa59b-86ab-4053-ac3a-0396116d1924 Guest Inviter has access to invite guest users. Guest Inviter 92ed04bf-c94a-4b82-9729-b799a7a4c178
The example shows how to enable the directory role.
You can use Get-EntraDirectoryRoleTemplate
to fetch a specific directory role to activate.
RoleTemplateId
parameter specifies the ID of the role template to enable.
Parameters
-RoleTemplateId
The ID of the Role template to enable.
Type: | System.String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Notes
- For additional details see Activate directoryRole.