
List all Azure Active Directory Roles using PowerShell

In this blog post, I will show you how to use the Microsoft.Graph PowerShell module to list all the Azure AD directory roles in your tenant. Microsoft.Graph is the recommended module for working with Azure AD and other Microsoft services, because Microsoft is not planning to invest further in the AzureAD PowerShell module. It is therefore advisable to move your automation scripts and tools to Microsoft.Graph so that they keep working in the future.

How to install Microsoft.Graph PowerShell Module

Install the module first from the PowerShell Gallery.

Install-Module Microsoft.Graph -Force -Verbose

After installing the Microsoft Graph PowerShell module, you can use the Connect-MgGraph cmdlet to establish a connection to the Microsoft Graph API and read the Azure AD directory roles in your tenant. When connecting, you specify the permission scopes you want to grant to the session. In this example the connection is limited to Directory.Read.All, which is enough to read every directory role and role template in the tenant. Note that Directory.Read.All grants read access to the whole directory and normally requires admin consent; if role data is all you need, the narrower RoleManagement.Read.Directory permission also covers role templates and directory roles and is the better choice for least privilege.

Once the connection has been established, we can use the Get-MgDirectoryRoleTemplate cmdlet to retrieve all the Azure AD directory roles in our tenant and export them as a JSON file. This cmdlet returns every role template, i.e. every role that can exist, together with its DisplayName, Id and Description. This is different from Get-MgDirectoryRole, which only returns roles that have been activated in the tenant (roles that have had at least one member), so the template list is the complete one.

$Scopes = @(
    "Directory.Read.All"
)

# -ForceRefresh forces a fresh sign-in with the 1.x module; the parameter was removed
# in 2.x, where you run Disconnect-MgGraph before reconnecting instead
Connect-MgGraph -Scopes $Scopes -ForceRefresh

# The C:\Reports folder must already exist, otherwise Out-File fails
Get-MgDirectoryRoleTemplate | 
    Select-Object -Property DisplayName,Id,Description | 
    Sort-Object -Property DisplayName | ConvertTo-Json | Out-File "C:\Reports\AADRoles.JSON"
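As an added example (not code from the original post), the following script builds on the same session and scopes to show the difference between role templates and activated roles: it fetches both, joins them on the template ID, counts the members of each activated role and writes the result next to the template export. The output path is an assumption.

```powershell
# Added example, not code from the original post. Assumes the Connect-MgGraph
# session from above; the output path is an assumption.
# Templates describe every role that exists; Get-MgDirectoryRole returns only
# roles that have been activated in this tenant (ones that have had a member).
$Templates   = Get-MgDirectoryRoleTemplate -All
$ActiveRoles = Get-MgDirectoryRole -All

# Index the activated roles by the template they were created from
$ActiveByTemplate = @{}
foreach ($Role in $ActiveRoles) {
    $ActiveByTemplate[$Role.RoleTemplateId] = $Role
}

$Report = foreach ($Template in $Templates) {
    $Active      = $ActiveByTemplate[$Template.Id]
    $MemberCount = 0
    if ($Active) {
        # Members come back as generic directoryObjects (users, groups, service principals)
        $MemberCount = @(Get-MgDirectoryRoleMember -DirectoryRoleId $Active.Id -All).Count
    }
    [PSCustomObject]@{
        DisplayName = $Template.DisplayName
        TemplateId  = $Template.Id
        Activated   = [bool]$Active
        MemberCount = $MemberCount
    }
}

# Roles with members first: this is the list to review for least privilege
$Report |
    Sort-Object -Property @{ Expression = 'MemberCount'; Descending = $true }, DisplayName |
    Format-Table -AutoSize
$Report | ConvertTo-Json | Out-File "C:\Reports\AADRoleUsage.JSON"
```

Roles that are activated but have no members are worth a second look as well: a role that was once assigned and then emptied often points to a service account or admin that was removed without cleaning up.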

Get-MgDirectoryRoleTemplate output

Once the exported JSON is stored somewhere your automation can reach (I keep a copy in my GitHub repository), you can use it to build various automation use cases. For example, the following snippet loads the role list from GitHub, after which you can add whatever logic you need. Keep in mind that anything fetched from a raw URL at run time is trusted as-is, so for production automation pin the file to a specific commit or keep a reviewed copy alongside the script:

#Azure AD Role names and IDs on my GitHub account
$URL = "https://raw.githubusercontent.com/Kaidja/AzureActiveDirectory/main/AzureADRoles.json"
#Convert Azure AD Roles from JSON
$AADGitHubRoles = (Invoke-WebRequest -Uri $URL -UseBasicParsing).Content | ConvertFrom-Json
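As an added example that is not part of the original post, here is one way to consume the exported list without trusting a raw GitHub URL at run time: load a copy you have reviewed, check its SHA-256 against a hash you recorded, validate the entries, and resolve a role display name to its template ID and, if the role has been activated, to the tenant's role object. The file path, the expected hash placeholder and the role name used at the end are assumptions.

```powershell
# Added example, not code from the original post. $RolesPath and $ExpectedSha256
# are assumptions: point them at your own reviewed copy and the hash you recorded.
function Import-AADRoleList {
    param(
        [Parameter(Mandatory)] [string] $RolesPath,
        [Parameter(Mandatory)] [string] $ExpectedSha256
    )
    # Refuse to use a file that differs from the one that was reviewed
    $Actual = (Get-FileHash -Path $RolesPath -Algorithm SHA256).Hash
    if ($Actual -ne $ExpectedSha256.ToUpperInvariant()) {
        throw "Hash mismatch for $RolesPath (expected $ExpectedSha256, got $Actual)"
    }
    $Roles = Get-Content -Path $RolesPath -Raw | ConvertFrom-Json
    foreach ($Role in $Roles) {
        # Every entry must carry a display name and a GUID template id
        if ([string]::IsNullOrWhiteSpace($Role.DisplayName) -or -not ($Role.Id -as [guid])) {
            throw "Malformed role entry: $($Role | ConvertTo-Json -Compress)"
        }
    }
    return $Roles
}

function Get-AADRoleTemplateId {
    param(
        [Parameter(Mandatory)] [object[]] $Roles,
        [Parameter(Mandatory)] [string]   $DisplayName
    )
    $Match = @($Roles | Where-Object { $_.DisplayName -eq $DisplayName })
    if ($Match.Count -ne 1) {
        throw "Expected exactly one role named '$DisplayName', found $($Match.Count)"
    }
    return $Match[0].Id
}

$Roles      = Import-AADRoleList -RolesPath "C:\Reports\AADRoles.JSON" `
                                 -ExpectedSha256 "<sha256 you recorded at review time>"
$TemplateId = Get-AADRoleTemplateId -Roles $Roles -DisplayName "Global Administrator"

# Template IDs are identical in every tenant, but Get-MgDirectoryRole only lists roles
# that have been activated here, so match on RoleTemplateId rather than on Id
$Active = Get-MgDirectoryRole -All | Where-Object { $_.RoleTemplateId -eq $TemplateId }
if ($Active) {
    "Role '$($Active.DisplayName)' is activated in this tenant, object id $($Active.Id)"
} else {
    "Role with template id $TemplateId has not been activated in this tenant"
}
```

The hash check is deliberately strict: a changed file means someone altered the list (or the repository serving it), and silently accepting a new set of role IDs is exactly what a supply-chain attacker would want from an automation script that later assigns or audits roles.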

Please check my GitHub account to see all the script examples and Azure AD Roles.

Summary

Do you want to automate your Azure AD processes and save time and effort? I can help you create custom automation scripts and tools. Contact me today to learn more and schedule a consultation.