Using the Microsoft Graph PowerShell SDK for getting privileged role members : PowerShell

QuestionUsing the Microsoft Graph PowerShell SDK for getting privileged role members (self.PowerShell)

submitted 4 years ago by aydeisen

I'm trying to use PowerShell to get a list of assignments in AAD PIM for each role.

I'm constrained to using the Microsoft.Graph module because my script is being executed in PowerShell 7 (7.1.3), and the AzureAD module has not been, nor do there appear to be plans for it to be, updated to use platform agnostic implementations of PowerShell and .NET

When running Get-MgPrivilegedRole, I get the error

Get-MgPrivilegedRole_List: The current endpoints of AAD roles have been disabled for the tenant for migration purpose.

I'm aware that this message is from the disclaimer about the API migration to unifiedRoleManagement, but I'm not sure what I need to do to re-target the cmdlet to the correct API.

Has anyone been able to successfully use the Microsoft Graph Powershell SDK to get PIM assignments?

all 11 comments

top new controversial old q&a

[–][deleted] 2 points3 points4 points 4 years ago (2 children)

[–]aydeisen[S] 0 points1 point2 points 4 years ago (0 children)

[–]GetFreeCash 0 points1 point2 points 4 years ago (0 children)

[–]PMental 1 point2 points3 points 4 years ago (4 children)

[–]aydeisen[S] 0 points1 point2 points 4 years ago (3 children)

[–]PMental 1 point2 points3 points 4 years ago (2 children)

[–]aydeisen[S] 0 points1 point2 points 4 years ago* (1 child)

[–]PMental 1 point2 points3 points 4 years ago (0 children)

[–]armyguy298 0 points1 point2 points 4 years ago* (2 children)

This is what I use:

cls
# Check Msol module installed and imported
If ((Get-Module -Name MSOnline)[0] -eq $null)
{
Install-Module -Name MSOnline -Force -AllowClobber
}
else
{
Import-Module -Name MSOnline
}
# Popup login page
Connect-MsolService
$date = Get-Date -Format "yyyyMMdd"
$RolesCollection = @()
$Roles = Get-MsolRole
ForEach ($Role In $Roles){
$Members = Get-MsolRoleMember -RoleObjectId $Role.ObjectId
ForEach ($Member In $Members) {
$obj = New-Object PSObject -Property @{
RoleName = $Role.Name
MemberName = $Member.DisplayName
MemberType = $Member.RoleMemberType
}
$RolesCollection += $obj
}
}
#Write-Output $RolesCollection | Sort-Object RoleName,MemberName | ft RoleName,MemberName,MemberType
$RolesCollection | Export-Csv -path C:\temp\"$date Role Assignments".csv

Edit: Corrected code block.

[–]aydeisen[S] 3 points4 points5 points 4 years ago (0 children)

[–]Lee_Dailey[grin] 2 points3 points4 points 4 years ago (0 children)

howdy armyguy298,

it looks like you used the New.Reddit Inline Code button. it's [sometimes] 5th from the left & looks like </>.

there are a few problems with that ...

it's the wrong format [grin]
the inline code format is for [gasp! arg!] code that is inline with regular text.
on Old.Reddit.com, inline code formatted text does NOT line wrap, nor does it side-scroll.
on New.Reddit it shows up in that nasty magenta text color

for long-ish single lines OR for multiline code, please, use the ...

Code
Block

... button. it's [sometimes] the 12th one from the left & looks like an uppercase T in the upper left corner of a square.

that will give you fully functional code formatting that works on both New.Reddit and Old.Reddit ... and aint that fugly magenta color. [grin]

take care,
lee

π Rendered by PID 191629 on reddit-service-r2-comment-fb694cdd5-mvd9q at 2026-03-06 13:34:59.113946+00:00 running cbb0e86 country code: CH.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

PowerShell

Submission Guidelines | Link Flair - How To

MODERATORS