Remove-EntraDirectoryRoleAssignment
Delete a Microsoft Entra ID roleAssignment.
Syntax
Default (Default)
Remove-EntraDirectoryRoleAssignment
-UnifiedRoleAssignmentId <String>
[<CommonParameters>]
Description
The Remove-EntraDirectoryRoleAssignment cmdlet removes a role assignment from Microsoft Entra ID.
In delegated scenarios, the signed-in user must have either a supported Microsoft Entra role or a custom role with the necessary permissions. The minimum roles required for this operation are:
- Privileged Role Administrator
Examples
Example 1: Remove a role assignment
Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory', 'EntitlementManagement.ReadWrite.All'
$user = Get-EntraUser -UserId 'SawyerM@contoso.com'
$role = Get-EntraDirectoryRoleDefinition -Filter "DisplayName eq 'Helpdesk Administrator'"
$assignment = Get-EntraDirectoryRoleAssignment -All | Where-Object { $_.principalId -eq $user.Id -AND $_.RoleDefinitionId -eq $role.Id }
Remove-EntraDirectoryRoleAssignment -UnifiedRoleAssignmentId $assignment.Id
This example removes the specified role assignment from Microsoft Entra ID.
-Idparameter specifies the role assignment ID.
Parameters
-UnifiedRoleAssignmentId
The unique identifier of an object in Microsoft Entra ID.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | Id |
Parameter sets
(All)
| Position: | 0 |
| Mandatory: | True |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Inputs
System.String
Outputs
System.Object
Notes
Remove-EntraRoleAssignment is an alias for Remove-EntraDirectoryRoleAssignment.