This repository has been archived by the owner on Jul 22, 2024. It is now read-only.
Get-MsolRoleMember : Access Denied. You do not have permissions to call this cmdlet. #425
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Steps to reproduce
Have a Microsoft Partner Portal Account
Have Customers/tenants in the Portal
Have an account in the Partner portal
Be part of the security group AdminAgents
Have an Admin Relationship with a Customer with the Microsoft Entra roles : Global Administrator assigned
Assign the AdminAgents Security Group to the Admin Relaationship
Open Powershell
Run command "Connect-MsolService" and login with the above mentioned account
Run the following Powershell script ( GetGA.ps1 )
#Working Tenant
#$tenantId = "yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy"
#NotWorking Tenant
$tenantId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
$roles = Get-MsolRole
#Write-Host $roles.Name
$role = Get-MsolRole -RoleName "Company Administrator"
$globalAdmins = Get-MsolRoleMember -RoleObjectId $role.ObjectId -TenantId $tenantId
Write-Host $globalAdmins.DisplayName
See the script works when the Working Tenant tenant id is uncommented
Output "Admin Company Admin Break Glass Admin"
See the script fail when the NotWorking Tenant tenant id is uncommented
Get-MsolRoleMember : Access Denied. You do not have permissions to call this cmdlet.
At C:\temp\GetGA.ps1:8 char:21
stration.Automation.GetRoleMember
Expected behavior
Would expect both runs to return a list of the Gloabal Administartors for the respective tenant
Output "Admin Company Admin Break Glass Admin"
Actual behavior
On one of the accounts I get
Get-MsolRoleMember : Access Denied. You do not have permissions to call this cmdlet.
At C:\temp\GetGA.ps1:8 char:21
stration.Automation.GetRoleMember
Diagnostic logs
None
Environment
PSVersion 5.1.19041.4291
PSEdition Desktop
The text was updated successfully, but these errors were encountered: