AzureAD / M365 – View all active role assignments

As I am implementing many Conditional Access policies and scoping them to specific roles, I want to know in advance which admins will be affected. But I am too lazy to go through all roles by hand, so I wrote the following script:


# Requires the MSOnline module and an existing session (Connect-MsolService)
$RoleAssignments = @()
$Roles = Get-MsolRole

Foreach ($Role in $Roles){
	# Members with an active assignment to this role
	$RoleMembers = Get-MsolRoleMember -RoleObjectID $Role.ObjectId
	if ($RoleMembers) {
		Foreach ($RoleMember in $RoleMembers) {
			# One row per role/member pair
			$RoleAssignment = "" | Select RoleName,RoleObjectID,MemberDisplayName,MemberObjectID
			$RoleAssignment.RoleName = $Role.Name
			$RoleAssignment.RoleObjectID = $Role.ObjectId
			$RoleAssignment.MemberDisplayName = $RoleMember.DisplayName
			$RoleAssignment.MemberObjectID = $RoleMember.ObjectId

			$RoleAssignments += $RoleAssignment
		}
	}
}

# Show the result in a sortable, filterable grid
$RoleAssignments | Out-GridView

Nothing too fancy, but reusable. But be aware: roles that are only “eligible” via PIM are not listed here.
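To answer the "which admins will be affected" question directly, the rows from the script can be matched against a policy's role scope. This is an added example, not part of the original script: `Get-AffectedAdmin` and the hand-built `$Policy` object are hypothetical, its three fields are modelled on the include/exclude role and user lists of a Conditional Access policy, and the role IDs in the policy are assumed to be comparable to `RoleObjectID`. All names and GUIDs are constructed sample data.

```powershell
# Constructed sample rows in the shape the script above produces (names and GUIDs are made up).
# Against a live tenant, pass the script's own $RoleAssignments instead.
$r1 = 'aaaaaaaa-0000-0000-0000-000000000001'   # Company Administrator (placeholder ID)
$r2 = 'aaaaaaaa-0000-0000-0000-000000000002'   # Exchange Administrator (placeholder ID)
$r3 = 'aaaaaaaa-0000-0000-0000-000000000003'   # Directory Synchronization Accounts (placeholder ID)
$RoleAssignments = @(
    [PSCustomObject]@{ RoleName='Company Administrator';  RoleObjectID=$r1; MemberDisplayName='Alice Admin';  MemberObjectID='11111111-0000-0000-0000-000000000001' }
    [PSCustomObject]@{ RoleName='Exchange Administrator'; RoleObjectID=$r2; MemberDisplayName='Alice Admin';  MemberObjectID='11111111-0000-0000-0000-000000000001' }
    [PSCustomObject]@{ RoleName='Exchange Administrator'; RoleObjectID=$r2; MemberDisplayName='Bob Operator'; MemberObjectID='11111111-0000-0000-0000-000000000002' }
    [PSCustomObject]@{ RoleName='Company Administrator';  RoleObjectID=$r1; MemberDisplayName='Break Glass';  MemberObjectID='11111111-0000-0000-0000-000000000003' }
    [PSCustomObject]@{ RoleName='Directory Synchronization Accounts'; RoleObjectID=$r3; MemberDisplayName='Sync Account'; MemberObjectID='11111111-0000-0000-0000-000000000004' }
    [PSCustomObject]@{ RoleName='Exchange Administrator'; RoleObjectID=$r2; MemberDisplayName='Sync Account'; MemberObjectID='11111111-0000-0000-0000-000000000004' }
)

# Hypothetical policy scope: two roles included, one role and the break-glass account excluded.
$Policy = [PSCustomObject]@{
    IncludeRoles = @($r1, $r2)
    ExcludeRoles = @($r3)
    ExcludeUsers = @('11111111-0000-0000-0000-000000000003')
}

function Get-AffectedAdmin {
    param(
        [Parameter(Mandatory)] [object[]] $Assignments,
        [Parameter(Mandatory)] [object]   $Policy
    )
    # Exclusions win over inclusions: a member holding any excluded role is out of scope,
    # even if another of their roles is included.
    $excludedByRole = $Assignments |
        Where-Object { $_.RoleObjectID -in $Policy.ExcludeRoles } |
        Select-Object -ExpandProperty MemberObjectID -Unique

    $Assignments |
        Where-Object { $_.RoleObjectID -in $Policy.IncludeRoles } |
        Where-Object { $_.MemberObjectID -notin $Policy.ExcludeUsers } |
        Where-Object { $_.MemberObjectID -notin $excludedByRole } |
        Group-Object MemberObjectID |
        ForEach-Object {
            # One row per member, listing every included role that pulled them into scope
            [PSCustomObject]@{
                MemberDisplayName = $_.Group[0].MemberDisplayName
                MemberObjectID    = $_.Name
                MatchedRoles      = ($_.Group.RoleName | Sort-Object -Unique) -join ', '
            }
        }
}

# Only active assignments are in the input, so PIM-eligible members will not appear here.
Get-AffectedAdmin -Assignments $RoleAssignments -Policy $Policy | Format-Table -AutoSize
```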