Functions/Get-AzureADRoleMembers.ps1


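function Get-AzureADRoleMembers {
    <#
    .SYNOPSIS
    Lists the directory role assignments that are held directly by user accounts.

    .DESCRIPTION
    Reads all role definitions, all role assignments and all users through the
    Microsoft Graph cmdlets, then joins each assignment to its role definition
    (RoleDefinitionId) and to its user (PrincipalId).

    Audit caveats:
      * Only assignments whose PrincipalId matches a user returned by Get-MgUser
        are reported. Any other assignment (presumably groups or service
        principals - confirm against the tenant) is left out of the output; the
        number of omitted assignments is written to the verbose stream so a
        reviewer can tell the report is not the complete privileged-access picture.
      * The scope of an assignment is not part of the output, so a scoped
        assignment and a tenant-wide one look the same here.
      * NOTE(review): this appears to cover active assignments only; eligible
        (PIM) assignments would need a separate query - confirm.

    .OUTPUTS
    PSCustomObject with the properties RoleName, UserDisplayName and EmailAddress
    (EmailAddress carries the user's UserPrincipalName). Nothing is emitted when
    no assignment resolves to a user.
    #>
    [CmdletBinding()]
    param (
        # [Parameter()] [string] $ParameterName
    )

    Write-Verbose "Get-MgRoleManagementDirectoryRoleDefinition -All"
    $Roles = Get-MgRoleManagementDirectoryRoleDefinition -All
    Write-Verbose "Get-MgRoleManagementDirectoryRoleAssignment -All"
    $RoleAssignments = Get-MgRoleManagementDirectoryRoleAssignment -All
    Write-Verbose "Get-MgUser -All"
    $Users = Get-MgUser -All

    # Index roles and users by Id once. The original scanned both full lists
    # with Where-Object for every assignment, which is quadratic on large tenants.
    # @{} compares string keys case-insensitively, the same as -EQ did.
    $roleById = @{}
    foreach ($role in $Roles) {
        if ($null -ne $role.Id) { $roleById[$role.Id] = $role }
    }

    $userById = @{}
    foreach ($user in $Users) {
        if ($null -ne $user.Id) { $userById[$user.Id] = $user }
    }

    $skipped = 0

    foreach ($a in $RoleAssignments) {
        # A null key cannot be used as a hashtable index, so guard before the lookup.
        $CurrentRole = if ($null -ne $a.RoleDefinitionId) { $roleById[$a.RoleDefinitionId] } else { $null }
        $CurrentUser = if ($null -ne $a.PrincipalId) { $userById[$a.PrincipalId] } else { $null }

        if ($CurrentUser) {
            # Emit straight to the pipeline instead of growing an array with +=,
            # which copies the whole array on every append.
            [PSCustomObject]@{
                RoleName        = $CurrentRole.DisplayName
                UserDisplayName = $CurrentUser.DisplayName
                EmailAddress    = $CurrentUser.UserPrincipalName
            }
        }
        else {
            $skipped++
        }
    }

    if ($skipped -gt 0) {
        Write-Verbose "$skipped role assignment(s) omitted: PrincipalId did not match any user returned by Get-MgUser"
    }

}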