entra administrativeunit roleassignment add

Assigns a Microsoft Entra role with administrative unit scope to a user

Usage

m365 entra administrativeunit roleassignment add [options]

Options

-i, --administrativeUnitId [administrativeUnitId]: The id of the administrative unit. Specify either administrativeUnitId or administrativeUnitName.
-n, --administrativeUnitName [administrativeUnitName]: The name of the administrative unit. Specify either administrativeUnitId or administrativeUnitName.
--roleDefinitionId [roleDefinitionId]: The id of the role definition that the member is in. Specify either roleDefinitionId or roleDefinitionName.
--roleDefinitionName [roleDefinitionName]: The name of the role definition that the member is in. Specify either roleDefinitionId or roleDefinitionName.
--userId [userId]: The id of the user that is a member of the scoped role. Specify either userId or userName.
--userName [userName]: The name of the user that is a member of the scoped role. Specify either userId or userName.

-h, --help [help]: Output usage information. Optionally, specify which section of command's help you want to see. Allowed values are options, examples, remarks, response, full. Default is options.
--query [query]: JMESPath query string. See http://jmespath.org/ for more information and examples.
-o, --output [output]: Output type. json, text, csv, md, none. Default json.
--verbose: Runs command with verbose logging.
--debug: Runs command with debug logging.

Remarks

info

To use this command you must be either Global Administrator or Privileged Role Administrator.

Examples

Assign a role definition specified by id to a user specified by id for an administrative unit specified by id

m365 entra administrativeunit roleassignment add --administrativeUnitId 81bb36e4-f4c6-4984-8e56-d4f8feae9e09 --roleDefinitionId 4d6ac14f-3453-41d0-bef9-a3e0c569773a --userId 5f91f951-7305-4a27-9b63-7b00906de09f

Assign a role definition specified by name to a user specified by name for an administrative unit specified by name

m365 entra administrativeunit roleassignment add --administrativeUnitName 'Marketing Division' --roleDefinitionName 'License Administrator' --userName 'john.doe@contoso.com'

Response

JSON
Text
CSV
Markdown

{
  "id": "5wuT_mJe20eRr5jDpJo4sVH5kV8FcydKm2N7AJBt4J_kNruBxvSESY5W1Pj-rp4J-2",
  "principalId": "5f91f951-7305-4a27-9b63-7b00906de09f",
  "directoryScopeId": "/administrativeUnits/81bb36e4-f4c6-4984-8e56-d4f8feae9e09",
  "roleDefinitionId": "4d6ac14f-3453-41d0-bef9-a3e0c569773a"
}

directoryScopeId: /administrativeUnits/81bb36e4-f4c6-4984-8e56-d4f8feae9e09
id              : 4yeYchSc90m7G5YI8Va7uFH5kV8FcydKm2N7AJBt4J_kNruBxvSESY5W1Pj-rp4J-2
principalId     : 5f91f951-7305-4a27-9b63-7b00906de09f
roleDefinitionId: 4d6ac14f-3453-41d0-bef9-a3e0c569773a

id,principalId,directoryScopeId,roleDefinitionId
UB-K8uf2cUWBi2oS8q9rbFH5kV8FcydKm2N7AJBt4J_kNruBxvSESY5W1Pj-rp4J-2,5f91f951-7305-4a27-9b63-7b00906de09f,/administrativeUnits/81bb36e4-f4c6-4984-8e56-d4f8feae9e09,4d6ac14f-3453-41d0-bef9-a3e0c569773a

# entra administrativeunit roleassignment add --administrativeUnitId "81bb36e4-f4c6-4984-8e56-d4f8feae9e09" --roleDefinitionId "4d6ac14f-3453-41d0-bef9-a3e0c569773a" --userId "5f91f951-7305-4a27-9b63-7b00906de09f"

Date: 11/16/2023

## T8FqTVM00EG--aPgxWl3OlH5kV8FcydKm2N7AJBt4J_kNruBxvSESY5W1Pj-rp4J-2

Property | Value
---------|-------
id | T8FqTVM00EG--aPgxWl3OlH5kV8FcydKm2N7AJBt4J\_kNruBxvSESY5W1Pj-rp4J-2
principalId | 5f91f951-7305-4a27-9b63-7b00906de09f
directoryScopeId | /administrativeUnits/81bb36e4-f4c6-4984-8e56-d4f8feae9e09
roleDefinitionId | 4d6ac14f-3453-41d0-bef9-a3e0c569773a

More information

Roles with administrative unit scope

Usage​

Options​

Remarks​

Examples​

Response​

More information​