The following article shows how to find out which role is needed to run a specific cmdlet in either on-premises Exchange or Exchange Online.
On-Prem
This example lists every assignee of an RBAC role that can run the New-Mailbox cmdlet.
$Cmdlet = 'New-Mailbox'
# Roles containing the cmdlet -> their assignments -> unique assignee names
Get-ManagementRole -Cmdlet $Cmdlet | Get-ManagementRoleAssignment | Sort-Object -Unique RoleAssigneeName | Select-Object RoleAssigneeName
Azure Cloud
The next two examples answer the same question as the on-prem example, only in Azure.
$Cmdlet = 'New-Mailbox'
# Match the cmdlet's role entry in any role, then look up each role's assignments
Get-ManagementRoleEntry -Identity "*\$Cmdlet" | ForEach-Object {Get-ManagementRoleAssignment -Role $_.Role} | Sort-Object -Unique RoleAssigneeName | Select-Object RoleAssigneeName
Or
$Cmdlet = 'New-Mailbox'
# Same lookup, starting from the roles that contain the cmdlet
Get-ManagementRole -Cmdlet $Cmdlet | ForEach-Object {Get-ManagementRoleAssignment -Role $_.Name} | Sort-Object -Unique RoleAssigneeName | Select-Object RoleAssigneeName
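For an access review, the assignee names returned above are often role groups, so the lookup can be taken one step further to the individual accounts. The following is an added example, not code from the original article; the function name Get-CmdletEffectiveUser is hypothetical, and it assumes an already connected Exchange Management Shell or Exchange Online PowerShell session.

```powershell
# Added example: resolve a cmdlet to the accounts that can effectively run it.
# Get-CmdletEffectiveUser is a hypothetical helper name, not an Exchange cmdlet.
function Get-CmdletEffectiveUser {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Cmdlet
    )

    # Roles (built-in and custom) that contain an entry for the cmdlet.
    $roles = @(Get-ManagementRole -Cmdlet $Cmdlet -ErrorAction Stop)
    if ($roles.Count -eq 0) {
        Write-Warning "No management role contains '$Cmdlet'."
        return
    }

    foreach ($role in $roles) {
        # -GetEffectiveUsers expands role groups into the users who inherit the role.
        # -Delegating $false skips assignments that only permit assigning the role
        # to others; -Enabled $true skips disabled assignments.
        Get-ManagementRoleAssignment -Role $role.Name -GetEffectiveUsers `
                -Delegating $false -Enabled $true |
            Select-Object @{n='Cmdlet';e={$Cmdlet}},
                          Role,
                          RoleAssigneeName,
                          RoleAssigneeType,
                          EffectiveUserName,
                          RecipientWriteScope,
                          CustomRecipientWriteScope
    }
}

# Who can create mailboxes, and through which role group or direct assignment?
Get-CmdletEffectiveUser -Cmdlet 'New-Mailbox' |
    Sort-Object RoleAssigneeName, EffectiveUserName -Unique |
    Format-Table RoleAssigneeName, RoleAssigneeType, EffectiveUserName, Role, RecipientWriteScope -AutoSize
```

The write-scope columns show whether an assignment is limited to a subset of recipients, which matters when deciding whether a given assignee is over-privileged.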