How to populate ActiveAssignmentCount for Get-AzureADMSPrivilegedRoleDefinition?
when I run this command:
Get-AzureADMSPrivilegedRoleDefinition -ProviderId aadRoles -ResourceId $global:varTenant.ObjectId | Format-List
None of the results have any values for the fields I've outlined in red. For example, roles that I know have active assignments don't show any value in the ActiveAssignmentCount property. How can I get those values to populate?
I tried in my environment and got below results:
When I execute the commands and got same output like below :
Get-AzureADMSPrivilegedRoleDefinition -ProviderId aadRoles -ResourceId $global:varTenant.ObjectId | Format-List
- I have checked this MSDocs. As per my understand role definition command shows the default value for the
PIM.
You can get the active and eligible assignments by running this command:
Get-AzureADMSPrivilegedRoleAssignment -ProviderId "aadRoles" -ResourceId "< tenant Id >" -Filter "subjectId eq '< User id>'''
Output:
Make use of below scripts to get the Active assignments count and Eligible assignments count.
Activeassignmentscount:
To get the specific user for Activeassignmentcount you can use this script.
$Pims= Get-AzureADMSPrivilegedRoleAssignment -ProviderId "aadRoles" -ResourceId "< Tenant ID>" -Filter "subjectId eq '< User object Id >'"
$count=0
Foreach($pim in $Pims.AssignmentState)
{
If($pim -eq “Active” )
{
$count++
$ActiveAssignmentCount=$count
}
}
Write-Host "ActiveAssignmentCount = " $ActiveAssignmentCount
Write-Host " "
Powershell:
Eligibleassignmentscount:
To get the specific user for Eligibleassignmentcount you can use this script.
$Pims= Get-AzureADMSPrivilegedRoleAssignment -ProviderId "aadRoles" -ResourceId "< Tenantid >" -Filter "subjectId eq 'userid'"
$count=0
Foreach($pim in $Pims.AssignmentState)
{
If($pim -eq “Eligible” )
{
$count++
$EligibleAssignmentCount=$count
}
}Write-Host "EligibleAsssignmentCount = " $EligibleAssignmentCount Write-Host " "
Refer this link you can also get the process through graph explorer.
- Redirections changes "get-alias" command return code in powershell
- Where is the PowerShell documentation for the `excel.application`?
- Powershell SDK accessing values of Powershell objects?
- Does the PowerShell call operator `&` wait for a command to finish?
- Using PowerShell, set the AD home directory for a user, given the display name
- Export app registrations with expiring secrets and certificates and send alert in teams
- How do I find the 10 largest files in a directory structure
- Enumerate file properties in PowerShell
- Is there a dynamic way to get variables from Variable Group? Even secret ones? and insert in Azure Key Vault
- Powershell Folder Inheritence problem
- How to quickly change shell folder to match the currently open file
- Powershell script to see currently logged in users (domain and machine) + status (active, idle, away)
- How to Set Microphone Volume to 100% in PowerShell or Command Line?
- Format Select-String output (path:linenumber:line)
- Get the Installed / Not Applicable Percentage in WSUS using Powershell
- Powershell ConvertFrom-JSON to csv file(s)
- Script has two variables when done, but when I pipe to SELECT-object only first one returns data to console
- Sign a Powershellscript with C# / .NetCore
- File Explorer flag not working in Powershell at all
- How to run Get Kusto query using Rest API
- Read individual key presses in PowerShell
- run powershell as administrator from python
- How to embed Windows symbols (Win+;) into the code, to be printed on file and on screen?
- Powershell 2 copy-item which creates a folder if doesn't exist
- Run Powershell script files step by step in WPF (C#)
- Can I return an exit code %errorlevel% from WSL Bash to Powershell or Command Prompt?
- Get Azure Active Directory password expiry date in PowerShell
- Powershell get-childitem works different with long-path prefix (\\?\)
- Handling Nested JSON returned from Invoke-RestMethod
- Unexpected variable type returned by Receive-Job