functions/Get-AadAdminRolesByObject.ps1

<#
.SYNOPSIS
Gets the admin roles assigned to the specified object (User or ServicePrincipal)
 
.DESCRIPTION
Gets the admin roles assigned to the specified object (User or ServicePrincipal)
 
Example 1: Get Admin Roles for a User or Object based on its ObjectId
Get-AadAdminRolesByObject -ObjectId '<object-id-guid>'
 
Example 2: Get Admin Roles for a ServicePrincipal
Get-AadAdminRolesByObject -ServicePrincipalId 'Contoso Web App'
 
Example 3: Get Admin Roles for a user
Get-AadAdminRolesByObject -UserId 'john@contoso.com'
 
.PARAMETER ObjectId
Lookup user or service principal by its ObjectId
 
.PARAMETER ServicePrincipalId
Lookup service principal by any of its Ids (DisplayName, AppId, ObjectId, or SPN)
 
.PARAMETER UserId
Look up a user by ObjectId or UserPrincipalName
 
.NOTES
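Only direct role members are checked: each role returned by Get-AzureADDirectoryRole is expanded with Get-AzureADDirectoryRoleMember and the member ObjectIds are compared with the target object.
A role that reaches the object through group membership is therefore not reported, so an empty result does not prove that the object holds no directory role.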
#>


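function Get-AadAdminRolesByObject {

    # Lists the directory roles in which a user or service principal appears
    # as a member.
    #
    # Input:  -ObjectId (also accepted from the pipeline), -ServicePrincipalId
    #         or -UserId. The latter two are resolved to an ObjectId first.
    # Output: one object per matching role, with RoleDisplayName and RoleId.
    #         Nothing is emitted when the identity cannot be resolved or when
    #         it is not a member of any role.
    #
    # Scope of the check: a role is reported only when the target ObjectId is
    # itself in the list returned by Get-AzureADDirectoryRoleMember. A role held
    # through a group shows up there as the group's ObjectId and is NOT reported.
    # NOTE(review): eligible (not yet activated) PIM assignments are presumably
    # not covered either - confirm before treating an empty result as "no
    # privileged access".

    param(
        [Parameter(
            ValueFromPipeline = $true,
            ParameterSetName = "ByObjectId")]
        [parameter(ValueFromPipeline=$true)]
        $ObjectId,

        [Parameter(ParameterSetName = "ByServicePrincipalId")]
        $ServicePrincipalId,

        [Parameter(ParameterSetName = "ByUserId")]
        $UserId
    )

    begin {
        # REQUIRE AadSupport Session
        RequireConnectAadSupport

        # Role membership is fetched on first use and reused for every
        # pipeline item, so piping many ObjectIds does not re-query each role.
        $roleMembership = $null
    }

    # A process block is required for ValueFromPipeline: without it only the
    # last piped object is bound and every earlier one is silently skipped.
    process {
        # Work on a local copy instead of overwriting the bound parameter.
        $targetId = $ObjectId

        # Search for ServicePrincipal
        if ($ServicePrincipalId) {
            $sp = Get-AadServicePrincipal -Id $ServicePrincipalId

            if (-not $sp) {
                # Warn so "identity not found" is distinguishable from "no roles".
                Write-Warning "Service principal '$ServicePrincipalId' was not found; no roles were checked."
                return
            }

            $targetId = $sp.ObjectId
        }

        # Search for User
        if ($UserId) {
            $user = Invoke-AadCommand -Command {
                Param($UserId)
                Get-AzureADUser -ObjectId $UserId
            } -Parameters $UserId

            if (-not $user) {
                Write-Warning "User '$UserId' was not found; no roles were checked."
                return
            }

            $targetId = $user.ObjectId
        }

        # Without a target there is nothing to compare against; skip the
        # directory queries instead of enumerating every role for no result.
        if (-not $targetId) {
            Write-Warning "No ObjectId, ServicePrincipalId or UserId was supplied; no roles were checked."
            return
        }

        if ($null -eq $roleMembership) {
            $roles = Invoke-AadCommand -Command {
                Get-AzureADDirectoryRole
            }

            $roleMembership = @(foreach ($role in $roles) {
                $members = Invoke-AadCommand -Command {
                    Param($role)
                    Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId
                } -parameters $role

                [PSCustomObject]@{
                    Role    = $role
                    Members = @($members)
                }
            })
        }

        # Collect the loop output directly rather than growing an array with +=.
        $AdminRoleList = foreach ($entry in $roleMembership) {
            foreach ($member in $entry.Members) {
                if ($member.ObjectId -eq $targetId) {
                    [PSCustomObject]@{
                        RoleDisplayName = $entry.Role.DisplayName
                        RoleId          = $entry.Role.ObjectId
                    }
                }
            }
        }

        # Output Admin Roles
        $AdminRoleList | Select-Object RoleDisplayName, RoleId
    }

}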