Office 365 – PowerShell cmdlets to manage Administrator Roles

Hi All,

In one of the previous articles we discussed Office 365 “Administrator Roles”. There are two ways to manage these administrator roles: through the Office 365 Admin Center or through PowerShell commands. In this article we will discuss the PowerShell commands used to manage Office 365 administrator roles.

The following are the important PowerShell commands for managing Office 365 administrator roles:

  1. Add-MsolRoleMember
    1. This PowerShell cmdlet is used to add a user to an administrator role
    2. Currently only users and service principals can be added to a role
    3. Adding a security group is not supported
    4. This PowerShell cmdlet requires the following parameters
      • Email Address: Email address of the user to add to the administrator role
      • Object Id: Object ID of the role, a unique ID assigned to each role. We get the ObjectId of a role by running the Get-MsolRole PowerShell cmdlet, which is explained below.

Example:

Add-MsolRoleMember -RoleObjectId f28a1f50-f6e7-4571-818b-6a12f2af6b6c -RoleMemberEmailAddress <email address of the user to whom we need to add to Administrator role>

  2. Remove-MsolRoleMember
    1. This PowerShell cmdlet removes a member from an administrator role

Example:

Remove-MsolRoleMember -RoleObjectId f28a1f50-f6e7-4571-818b-6a12f2af6b6c -RoleMemberEmailAddress <email address of the user to whom we need to remove from Administrator role>

  3. Get-MsolRole
    1. This PowerShell cmdlet fetches all available administrator roles
    2. This PowerShell cmdlet returns the Role object – Microsoft.Online.Administration.Role
    3. The Role object is returned with the following details:
      • Description: Role description
      • Name: Role name
      • ObjectId: Unique ID of the role

The following is an example from my Office 365 trial:

Get-MsolRole

Figure 1: PowerShell cmdlet “Get-MsolRole”

  4. Get-MsolRoleMember
    1. This PowerShell cmdlet gets all members of the specified role
    2. This PowerShell cmdlet returns the RoleMember object – Microsoft.Online.Administration.RoleMember
    3. The RoleMember object is returned with the following details:
      • DisplayName: Display name of the role member
      • IsLicensed: Whether a license is assigned to the role member
      • EmailAddress: Email address of the role member
      • RoleMemberType: Role member type. Currently only the “User” type is supported.

Example:

Get-MsolRoleMember -RoleObjectId b0f54661-2d74-4c50-afa3-1ec803f12efe

RoleMemberType EmailAddress                DisplayName            isLicensed
-------------- ------------                -----------            ----------
User           <email address of the user> <display name of user> True
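
Get-MsolRole and Get-MsolRoleMember can be combined to review who holds each administrator role in the tenant. The script below is an added example, not code from the original article; it assumes the MSOnline module is loaded and Connect-MsolService has already been run, and the function name Get-AdminRoleMembership and its -MaxMembersPerRole threshold are hypothetical.

```powershell
# Added example: audit administrator role membership with the cmdlets described above.
# Assumption: Connect-MsolService has already been run in this session.

function Get-AdminRoleMembership {
    [CmdletBinding()]
    param(
        # Hypothetical threshold: roles with more members than this are flagged for review.
        [int]$MaxMembersPerRole = 5
    )

    foreach ($role in Get-MsolRole) {
        # Get-MsolRoleMember returns nothing for an empty role, so force an array.
        $members = @(Get-MsolRoleMember -RoleObjectId $role.ObjectId)

        foreach ($member in $members) {
            [pscustomobject]@{
                RoleName       = $role.Name
                RoleObjectId   = $role.ObjectId
                DisplayName    = $member.DisplayName
                EmailAddress   = $member.EmailAddress
                RoleMemberType = $member.RoleMemberType
                IsLicensed     = $member.IsLicensed
                RoleOverLimit  = ($members.Count -gt $MaxMembersPerRole)
            }
        }
    }
}

$report = Get-AdminRoleMembership -MaxMembersPerRole 5

# Full listing, sorted by role and member.
$report | Sort-Object RoleName, EmailAddress |
    Format-Table RoleName, DisplayName, EmailAddress, RoleMemberType, IsLicensed -AutoSize

# Accounts that hold more than one administrator role.
$report | Where-Object EmailAddress | Group-Object EmailAddress |
    Where-Object Count -gt 1 |
    Select-Object @{n='EmailAddress';e={$_.Name}}, @{n='Roles';e={$_.Group.RoleName -join '; '}}

# Roles whose membership exceeds the review threshold.
$report | Where-Object RoleOverLimit | Select-Object -ExpandProperty RoleName -Unique
```

Running this on a schedule and comparing the output with the previous run shows when an account has been added to or removed from an administrator role.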


Thanks for reading 🙂

Feel free to get in touch for any feedback / issue / comments / doubt 🙂
