I am not powerfull in powershell script as of now, learning day by day.
Can some one help to get the details of all users from Azure for their Role assignement with expandprinipalgroups
I have tried for one user and it is working fine but when i run the query for all azusers then it gives error
i am trying below one
$user = (Get-AzADUser).UserPrincipalname
Get-AzRoleAssignment -SignInName $user -ExpandPrincipalGroups | Select-Object DisplayName,RoleDefinitionName, Scope
Get-AzRoleAssignment -SignInName $user -ExpandPrincipalGroups | Select-Object DisplayName,RoleDefinitionName, Scope Get-AzRoleAssignment : Cannot find principal using the specified options At line:1 char:1
- Get-AzRoleAssignment -SignInName $user -ExpandPrincipalGroups | Selec ...
-
CategoryInfo : CloseError: (:) [Get-AzRoleAssignment], KeyNotFoundException FullyQualifiedErrorId : Microsoft.Azure.Commands.Resources.GetAzureRoleAssignmentCommand
CodePudding user response:
welcome back suri,
you need to pass the parameter SignInName of the command Get-AzRoleAssignment as string not a list
Get-AzRoleAssignment
-SignInName <String>
-ResourceGroupName <String>
[-RoleDefinitionName <String>]
[-IncludeClassicAdministrators]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
so this could be handled as follow
(Get-AzADUser).UserPrincipalname | % { Get-AzRoleAssignment -SignInName $_ | Select-Object DisplayName,RoleDefinitionName,Scope}
DisplayName RoleDefinitionName Scope
----------- ------------------ -----
Mahmoud Moawad Owner /subscriptions/XXXXX-XXXX-XXXXX-XXXX-XXXX
Mahmoud Moawad User Access Administrator /
