msgraph-sdk-powershell icon indicating copy to clipboard operation
msgraph-sdk-powershell copied to clipboard

Published 20 hours ago verified publisher icon microsoftgraph

Get-MgDirectoryRoleMember should allow to filter by role template ID

Open cnotin opened this issue 2 years ago • 3 comments

Currently, Get-MgDirectoryRoleMember only allows to filter by Directory Role ID:

   -DirectoryRoleId <String>

However, the underlying Graph API endpoint also allows to filter directly by Role Template ID:

You can use both the object ID and template ID of the directoryRole with this API. The template ID of a built-in role is immutable and can be seen in the role description on the Azure portal. For details, see Role template IDs.

It would be nice to have this possibility directly in Get-MgDirectoryRoleMember:

   -DirectoryRoleTemplateId <String>

It would avoid having to combine Get-MgDirectoryRole then Get-MgDirectoryRoleMember, like this:

$dirsync = Get-MgDirectoryRole -Filter "RoleTemplateId eq 'd29b2b05-8046-44ba-8758-1e26182fcf32'"
Get-MgDirectoryRoleMember -DirectoryRoleId $dirsync.Id

cnotin avatar Mar 14 '23 17:03 cnotin

Thanks for bringing this to our attention.

The command does not currently support -roleTemplateId because alternate keys is currently disable at the OData CSDL to OpenAPI conversion level.

This API makes for a good case to start supporting alternate keys. I've transferred the issue to https://github.com/microsoftgraph/msgraph-metadata/issues/305 for this to supported

peombwa avatar Mar 24 '23 21:03 peombwa

@peombwa : The dependency is now closed. Any other support needed?

SteveMutungi254 avatar Aug 04 '23 08:08 SteveMutungi254