Home
PowerShell
Get-MgDirectoryRoleMember

How to get Entra ID directory role members using Microsoft Graph PowerShell

The Get-MgDirectoryRoleMember cmdlet retrieves members assigned to a specific directory role in Microsoft Entra ID (previously Azure AD). This helps you audit and manage user and service principal assignments to administrative roles in your tenant.

Get directory role members using Microsoft Graph PowerShell

Prerequisites

Before using the cmdlet, ensure that the Microsoft Graph PowerShell module is installed. If not, install it using this PowerShell command:
Install-Module Microsoft.Graph -Scope CurrentUser
Also, use the following PowerShell command to connect to Microsoft Graph with the required permissions (e.g., Directory.Read.All or RoleManagement.Read.Directory):
Connect-MgGraph -Scopes "Directory.Read.All"

Using the Get-MgDirectoryRoleMember cmdlet

Run the following Graph PowerShell command below to list all members of a directory role. Replace <role-id> with the object ID of the directory role:


                            Get-MgDirectoryRoleMember -DirectoryRoleId <role-id>

Examples

Example 1: Get all members of the Global Administrator role

This Graph PowerShell command lists all users and service principals assigned to the specified role:


                            Get-MgDirectoryRoleMember -DirectoryRoleId "role-object-id"

Example 2: Retrieve up to 10 members of a custom role

This Graph PowerShell command limits the output to only 10 members:


                            Get-MgDirectoryRoleMember -DirectoryRoleId "role-object-id" -Top 10

Example 3: List members and display only displayName and userPrincipalName

This Graph PowerShell command filters the output to show only key properties for each member:


                            Get-MgDirectoryRoleMember -DirectoryRoleId "role-object-id" | Select-Object displayName, userPrincipalName

Supported parameters

The following are some essential parameters that can be used along with the Get-MgDirectoryRoleMember command:

Parameters	Description
-DirectoryRoleId	Specifies the directory role object ID to query for members
-Top	Limits the number of results returned
-Filter	Retrieves only members matching specified criteria
-All	Retrieves all results without paging
-Property	Selects which properties to return for each member

Limitations of using Microsoft Graph PowerShell to get directory role members

PowerShell commands can get complicated with different use cases and scenarios.
IT admins can spend a lot of time debugging errors, which in turn negatively impacts productivity.
Delegation can get tricky since technicians require elevated permissions.

How ADManager Plus helps you manage Microsoft Entra ID

ADManager Plus, an identity governance and administration solution with comprehensive Microsoft Entra ID management and reporting capabilities, simplifies complex admin tasks from a single, user-friendly console:

Manage Entra ID users, contacts, groups, licenses, and other objects with a script-free, centralized console.
Reduce human errors by automating user provisioning, deprovisioning, and license assignment across various platforms.
Delegate Entra ID tasks to technicians without elevating their native privileges.
Keep a watchful eye with 200+ prepackaged reports for your Entra ID and AD environments.
Monitor delegated activities through smart workflows.
Ensure business continuity with AD, Entra ID, and Google Workspace backup and recovery.

Perform script-free Microsoft Entra ID management and reporting with ADManager Plus

Try it now for free

Get directory role members using Microsoft Graph PowerShell
Examples
Supported parameters
Limitations of using Microsoft Graph PowerShell to get directory role members
How ADManager Plus helps you manage Microsoft Entra ID

Related features:

Related Powershell Guides: