Get-MsolScopedRoleMember

The Get-MsolRoleMember cmdlet is used to retrieve all members of the specified role.

The Get-MsolScopedRoleMember cmdlet is used to retrieve the members of the specified role who are granted that role over an administrative unit.

Syntax

Get-MsolScopedRoleMember [-AdministrativeUnitObjectId <Guid>] -RoleObjectId <Guid> [-SearchString <String>] [-MaxResults <Int>] [-TenantId <Guid>] [<CommonParameters>]

Get-MsolScopedRoleMember [-AdministrativeUnitObjectId <Guid>] -RoleObjectId <Guid> [-SearchString <String>] -All [-TenantId <Guid>] [<Commonparameters>]

Parameters

   -RoleObjectId <Guid>
        The role whose scoped members should be returned.
        
        Required?                    true
        Position?                    named
        Default value                
        Accept pipeline input?       false
        Accept wildcard characters?  false

-AdministrativeUnitObjectId <Guid> 
The object ID of the administrative unit whose administrators should be returned. Omit this parameter to find administrators for all administrative units.
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       false
        Accept wildcard characters?  false

-MaxResults <int>
        The maximum number of results returned for a search result.
        
        Required?                    false
        Position?                    named
        Default value                250
        Accept pipeline input?       false
        Accept wildcard characters?  false

    -SearchString <string>
        The string to search on. Only objects with a display name or email 
        address starting with this string will be returned.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       false
        Accept wildcard characters?  false
                  
    -TenantId <Guid>
        The unique ID of the tenant to perform the operation on. If this is 
        not provided, then the value will default to the tenant of the current user. This parameter is only applicable to partner users.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false

-All 
        If present then all results will be returned.  Cannot be used with the MaxResults parameter.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       false
        Accept wildcard characters?  false
        
    <CommonParameters>
        This cmdlet supports the common parameters: Verbose, Debug,
        ErrorAction, ErrorVariable, WarningAction, WarningVariable,
        OutBuffer and OutVariable. For more information, type,
        "get-help about_commonparameters".

Examples

The following command will list all members of the “User Account Administrator” role that is scoped to the administrative unit “West Coast”.

$westcoastau = Get-MsolAdministrativeUnit -searchstring “West Coast” 
$uaadmin = Get-MsolRole -RoleName "User Account Administrator"
Get-MsolScopedRoleMember -RoleObjectId $uaadmin.ObjectId - AdministrativeUnitObjectId $westcoastau.ObjectId

Additional Resources

There are several other places you can get more information and help. These include:

• Azure Active Directory Forum

• Azure AD Community Information Center

• Azure Active Directory Community scripts

See Also

Other Resources

Using Administrative Units - Public Preview
Manage Azure Active Directory by using Windows PowerShell