Microsoft 365 : Microsoft Graph PowerShell tutorial – Part 4 – Implementing Governance – Fetching all Global Administrators in tenant
Microsoft PowerShell Graph - Executing CMDLET "Get-MgDirecotoryRoleMember" - fetching all Global Administrators
Hi All,
Greetings for the day!
Continuing our learning on Microsoft Graph PowerShell.
Today one more PowerShell in our PowerShell bucket. This is 4th article in series. Discussing one of the feature of Microsoft 365 Governance. Fetching list of Global Administrators. Getting to know how many number of Global Administrators in our tenant.
We have a good series going on Microsoft Graph PowerShell OR If you are beginner to Microsoft Graph PowerShell. Kindly please have a look
- Microsoft 365 : PowerShell – Microsoft Graph PowerShell tutorial – Part 1 – starting with Microsoft Graph PowerShell – https://knowledge-junction.in/2023/08/30/microsoft-365-powershell-microsoft-graph-powershell-tutorial-part-1/
- Microsoft 365 : PowerShell – Microsoft Graph PowerShell tutorial – Part 2 – exploring Connect-MgGraph with couple of scenarios – https://knowledge-junction.in/2024/01/18/microsoft-365-powershell-microsoft-graph-powershell-tutorial-part-2-exploring-connect-mggraph-with-couple-of-scenarios/
- Microsoft 365 : Microsoft Graph PowerShell tutorial – Part 3 – using client id (App ID) and certificate for connecting graph – Connect-MgGraph – https://knowledge-junction.in/2024/01/21/m365-msgraph-powershell-tutorial-part-3-using-client-id-app-id-n-certificate-connecting-graph/
Steps
- Connect to Microsoft Graph using Connect-MgGraph with delegated permissions to read roles.
- As we need read only permissions to roles – We need get “Global Administrator” role – RoleManagement.Read.Directory
#connect to Microsoft Graph - with delegated permissions - RoleManagement.Read.Directory
Connect-MgGraph -Scopes RoleManagement.Read.Directory- As we execute above CMDLET, we will have “Sign in to your account” dialog as shown in below figure
- Please check the “Consent on behalf of your organization” and click on “Accept” button
- On successful execution, we will be connected to Microsoft Graph
- Lets execute – Get-MgDirectoryRole CMDLET to get all roles available in tenant
Get-MgDirectoryRole | Select DisplayName, Description
- We will get specific role like – “Global Administrator” using filter on DisplayName as in below code snippet
- We will store role in role object. We will use ID property to get the all role members
#Fetch "Global Administrator" role
$Role = Get-MgDirectoryRole | Where {$_.DisplayName -eq "Global Administrator"}
output:
DeletedDateTime Id Description
--------------- -- -----------
b22d52e1-b7e1-4c17-a542-0fa7df7f89fb Can manage all aspects of Microsoft Entra ID and Microsoft services that use Microso...
- Next, with the help of Role object and Id property we will get all the members of given role – “Global Administrator” using – Get-MgDirectoryRoleMember CMDLET
#Fetch all members of the "Global Administrator" role
$AllGA = Get-MgDirectoryRoleMember -DirectoryRoleId $Role.Id
$AllGA | Select Id,AdditionalProperties | Format-List
- From above snap – we have two Global Administrators in our tenant
In this way, we will get members of any role (SharePoint administrators, Teams administrators) and track.
Thanks for reading ! Stay tuned for more articles on Microsoft Graph PowerShell and PowerShell !
HAPPY LEARNING AHEAD 🙂 LIFE IS BEAUTIFUL 🙂
1 Response
[…] To know all the “Global Administrators” in my tenant, using Microsoft Graph PowerShell, please refer article. Microsoft 365 : Microsoft Graph PowerShell tutorial – Part 4 – Implementing Governance – Fetching all Global Administrators in tenant – https://microsoft365junction.com/2024/01/23/microsoft-365-microsoft-graph-powershell-tutorial-part-4… […]