In environments with “historically grown” structures, it is easy to lose track of all role assignments in Azure AD. With this script you can create a report:
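# Report which principals hold which Azure AD directory roles and show the
# result in an interactive grid.
#
# Requires the AzureAD module and an account allowed to read directory roles.
# NOTE(review): Microsoft has deprecated the AzureAD module in favour of
# Microsoft Graph PowerShell; plan to port this report.
Import-Module AzureAD
Connect-AzureAD

# Get-AzureADDirectoryRole lists the roles that have been activated in the
# tenant. NOTE(review): assignments that are only *eligible* through
# Privileged Identity Management are presumably not returned here; verify
# against PIM before treating this report as a complete privilege inventory.
$AllAzureADDirectoryRoles = Get-AzureADDirectoryRole

# Collect the rows from the loop output instead of growing an array with +=.
# @() keeps $Table an (empty) array when no role has any member.
$Table = @(
    foreach ($AzureADDirectoryRole in $AllAzureADDirectoryRoles) {
        foreach ($Member in ($AzureADDirectoryRole | Get-AzureADDirectoryRoleMember)) {
            # Role members are not always users: service principals (and
            # groups) can hold roles too and have no UserPrincipalName.
            # Without the extra columns those rows show up with an empty
            # name and privileged non-user identities are easy to overlook.
            [pscustomobject]@{
                DirectoryRole     = $AzureADDirectoryRole.DisplayName
                UserPrincipalName = $Member.UserPrincipalName
                DisplayName       = $Member.DisplayName
                ObjectType        = $Member.ObjectType
                ObjectId          = $Member.ObjectId
            }
        }
    }
)

$Table | Out-GridView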