I'm working on a test that needs to get all eligible members of a specific role. The command Get-MtRoleMember returns nothing in our environment.
The command implementation in Get-MtRoleMember.ps1 seems to use the roleEligibilityScheduleRequests Graph endpoint. To the best of my knowledge, this endpoint only returns role elevation requests. If users are made permanently eligible, this endpoint will not return them.
if ($dirAssignmentsSplat.RelativeUri -eq "roleManagement/directory/roleEligibilityScheduleRequests") {
I think we should use the roleEligibilitySchedules endpoint instead for this function. I used the following command in my test to get all eligible users in our environment:
Invoke-MtGraphRequest -RelativeUri "roleManagement/directory/roleEligibilitySchedules" -Filter "RoleDefinitionId eq '$($PrivilegedRole.RoleTemplateId)'"
Am I missing something here?
Thanks for your work, guys!
The addition as another type would allow for it to process both endpoints. I am not certain offhand of the different combinations that may occur, but I don't see an issue in adding an additional endpoint and returning a unique list of principals.
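The approach suggested in the reply above (process both endpoints and return a unique list of principals), as an added example that is not part of the thread and is not Maester's code. `Merge-EligiblePrincipal` is a hypothetical helper and the sample objects are constructed; in a tenant the two arrays would be the results of `Invoke-MtGraphRequest` for each `RelativeUri`, assuming the returned objects expose `principalId` and `roleDefinitionId`.

```powershell
# Added example (not Maester code). Merge-EligiblePrincipal is a hypothetical helper.
function Merge-EligiblePrincipal {
    [CmdletBinding()]
    param(
        # Objects returned by roleManagement/directory/roleEligibilityScheduleRequests
        [object[]] $ScheduleRequests = @(),
        # Objects returned by roleManagement/directory/roleEligibilitySchedules
        [object[]] $Schedules = @(),
        # Role to report on; entries for other roles are ignored
        [Parameter(Mandatory)] [string] $RoleDefinitionId
    )

    $sources = @(
        @{ Name = 'roleEligibilityScheduleRequests'; Entries = $ScheduleRequests },
        @{ Name = 'roleEligibilitySchedules';        Entries = $Schedules }
    )
    # principalId -> list of endpoints the principal was seen in (insertion order kept)
    $seen = [ordered]@{}
    foreach ($source in $sources) {
        foreach ($item in $source.Entries) {
            if (-not $item.principalId) { continue }   # skip malformed entries
            if ($item.roleDefinitionId -ne $RoleDefinitionId) { continue }
            $key = [string] $item.principalId
            if (-not $seen.Contains($key)) {
                $seen[$key] = [System.Collections.Generic.List[string]]::new()
            }
            if (-not $seen[$key].Contains($source.Name)) { $seen[$key].Add($source.Name) }
        }
    }
    # One output object per principal, however many entries or endpoints listed it
    foreach ($key in $seen.Keys) {
        [pscustomobject]@{ PrincipalId = $key; SeenIn = $seen[$key] -join ', ' }
    }
}

# Constructed sample data: only the two properties the helper reads.
$roleId   = '00000000-0000-0000-0000-0000000000aa'
$requests = @(
    [pscustomobject]@{ principalId = '11111111-1111-1111-1111-111111111111'; roleDefinitionId = $roleId }
)
$schedules = @(
    [pscustomobject]@{ principalId = '11111111-1111-1111-1111-111111111111'; roleDefinitionId = $roleId },
    [pscustomobject]@{ principalId = '22222222-2222-2222-2222-222222222222'; roleDefinitionId = $roleId },
    [pscustomobject]@{ principalId = '33333333-3333-3333-3333-333333333333'; roleDefinitionId = 'ffffffff-0000-0000-0000-000000000000' }
)
Merge-EligiblePrincipal -ScheduleRequests $requests -Schedules $schedules -RoleDefinitionId $roleId
```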
Referenced code: maester/powershell/public/Get-MtRoleMember.ps1, line 103 in d67de01