Remove-EntraScopedRoleMembership
Removes a scoped role membership.
Syntax
Remove-EntraScopedRoleMembership
-AdministrativeUnitId <String>
-ScopedRoleMembershipId <String>
[<CommonParameters>] Description
The Remove-EntraScopedRoleMembership cmdlet removes a scoped role membership from Microsoft Entra ID. Specify AdministrativeUnitId and ScopedRoleMembershipId parameter to remove a scoped role membership.
Examples
Example 1: Remove a scoped role membership
Connect-Entra -Scopes 'RoleManagement.Read.Directory'
$role = Get-EntraDirectoryRole -Filter "DisplayName eq 'Helpdesk Administrator'"
$administrativeUnit = Get-EntraAdministrativeUnit -Filter "DisplayName eq 'Pacific Administrative Unit'"
$roleMembership = Get-EntraScopedRoleMembership -AdministrativeUnitId $administrativeUnit.Id | Where-Object {$_.RoleId -eq $role.Id}
Remove-EntraScopedRoleMembership -AdministrativeUnitId $administrativeUnit.Id -ScopedRoleMembershipId $roleMembership.IdThis cmdlet removes a specific scoped role membership from Microsoft Entra ID. You can use the command Get-EntraAdministrativeUnit to get administrative unit Id.
-AdministrativeUnitIdparameter specifies the ID of an administrative unit.-ScopedRoleMembershipIdparameter specifies the ID of the scoped role membership to remove. To obtain the details of a scoped role membership, you can use theGet-EntraScopedRoleMembershipcommand.
Parameters
-AdministrativeUnitId
Specifies the ID of an administrative unit object.
| Type: | System.String |
| Aliases: | ObjectId |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-ScopedRoleMembershipId
Specifies the ID of the scoped role membership to remove.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |