en-US/GDAPRelationships-help.xml
|
<?xml version="1.0" encoding="utf-8"?> <helpItems schema="maml" xmlns="http://msh"> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Build-GDAPRemediation</command:name> <command:verb>Build</command:verb> <command:noun>GDAPRemediation</command:noun> <maml:description> <maml:para>Builds a remediation action plan to create, update, or rebuild GDAP Relationships to match a provided template.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Builds a remediation action plan to create, update, or rebuild GDAP Relationships to match a provided template.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Build-GDAPRemediation</maml:name> </command:syntaxItem> </command:syntax> <command:parameters /> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None. You can't pipe objects to Build-GDAPRemediation.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object. Returns a list of Objects with Role Names, IDs, and Descriptions.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title> <dev:code>Build-GDAPRemediation</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>https://bitbucket.org/BEMA-Primary/gdaprelationships/src/main/docs/Build-GDAPRemediation.md</maml:linkText> <maml:uri>https://bitbucket.org/BEMA-Primary/gdaprelationships/src/main/docs/Build-GDAPRemediation.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://learn.microsoft.com/en-us/partner-center/gdap-least-privileged-roles-by-task</maml:linkText> <maml:uri>https://learn.microsoft.com/en-us/partner-center/gdap-least-privileged-roles-by-task</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Compare-GDAPAccessAssignment</command:name> <command:verb>Compare</command:verb> <command:noun>GDAPAccessAssignment</command:noun> <maml:description> <maml:para>Compares if a provided delegatedAdminAccessAssignment matches an active assignment in an existing GDAP Relationship.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Compares if a provided delegatedAdminAccessAssignment matches an active assignment in an existing GDAP Relationship.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Compare-GDAPAccessAssignment</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>GDAPRelationshipID</maml:name> <maml:description> <maml:para>The GDAP relationship ID provided during the GDAP relationship request creation process.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="2" aliases="none"> <maml:name>DelegatedAdminAccessAssignment</maml:name> <maml:description> <maml:para>Object containing a delegatedAdminAccessAssignment to compare to the existing accessAssignments.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Object</command:parameterValue> <dev:type> <maml:name>Object</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Reason</maml:name> <maml:description> <maml:para>Indicates that the reason an object doesn't match should be returned instead of $false.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash, defaults to the v1.0 Graph API. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Compare-GDAPAccessAssignment</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>GDAPRelationshipID</maml:name> <maml:description> <maml:para>The GDAP relationship ID provided during the GDAP relationship request creation process.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="2" aliases="none"> <maml:name>Group</maml:name> <maml:description> <maml:para>Entra ID Group by ID or Name to use to search for existing accessAssignments.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="3" aliases="none"> <maml:name>RoleDefinition</maml:name> <maml:description> <maml:para>List of Entra ID role Guids or role Names to compare to the existing accessAssignments. e.g. "Directory Readers","892c5842-a9a6-463a-8041-72aa08ca3cf6","69091246-20e8-4a56-aa4d-066075b2a7a8"</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Reason</maml:name> <maml:description> <maml:para>Indicates that the reason an object doesn't match should be returned instead of $false.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash, defaults to the v1.0 Graph API. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>GDAPRelationshipID</maml:name> <maml:description> <maml:para>The GDAP relationship ID provided during the GDAP relationship request creation process.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="2" aliases="none"> <maml:name>DelegatedAdminAccessAssignment</maml:name> <maml:description> <maml:para>Object containing a delegatedAdminAccessAssignment to compare to the existing accessAssignments.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Object</command:parameterValue> <dev:type> <maml:name>Object</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="2" aliases="none"> <maml:name>Group</maml:name> <maml:description> <maml:para>Entra ID Group by ID or Name to use to search for existing accessAssignments.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="3" aliases="none"> <maml:name>RoleDefinition</maml:name> <maml:description> <maml:para>List of Entra ID role Guids or role Names to compare to the existing accessAssignments. e.g. "Directory Readers","892c5842-a9a6-463a-8041-72aa08ca3cf6","69091246-20e8-4a56-aa4d-066075b2a7a8"</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Reason</maml:name> <maml:description> <maml:para>Indicates that the reason an object doesn't match should be returned instead of $false.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash, defaults to the v1.0 Graph API. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>String, System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>bool</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title> <dev:code>Compare-GDAPAccessAssignment -GDAPRelationshipId "3cbdc381-4b58-4492-acd3-1ad25b426222-46950538-1cc2-4dda-beac-4b7f75557652" -DelegatedAdminAccessAssignment $DelegatedAdminAccessAssignmentObject -GraphBaseURL "https://graph.microsoft.com/v1.0/" $true</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- EXAMPLE 2 --------------------------</maml:title> <dev:code>Compare-GDAPAccessAssignment -GDAPRelationshipId "3cbdc381-4b58-4492-acd3-1ad25b426222-46950538-1cc2-4dda-beac-4b7f75557652" -Group "Admin Agents" -RoleDefinition "Directory Readers", "Service Support Administrator" -GraphBaseURL "https://graph.microsoft.com/v1.0/" $false</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- EXAMPLE 3 --------------------------</maml:title> <dev:code>Compare-GDAPAccessAssignment -Reason -GDAPRelationshipId "3cbdc381-4b58-4492-acd3-1ad25b426222-46950538-1cc2-4dda-beac-4b7f75557652" -DelegatedAdminAccessAssignment $DelegatedAdminAccessAssignmentObject -GraphBaseURL "https://graph.microsoft.com/v1.0/" "</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>https://bitbucket.org/BEMA-Primary/gdaprelationships/src/main/docs/Compare-GDAPAccessAssignment.md</maml:linkText> <maml:uri>https://bitbucket.org/BEMA-Primary/gdaprelationships/src/main/docs/Compare-GDAPAccessAssignment.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://learn.microsoft.com/en-us/graph/api/resources/delegatedadminaccessassignment</maml:linkText> <maml:uri>https://learn.microsoft.com/en-us/graph/api/resources/delegatedadminaccessassignment</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Export-GDAPTemplateFromExistingRelationship</command:name> <command:verb>Export</command:verb> <command:noun>GDAPTemplateFromExistingRelationship</command:noun> <maml:description> <maml:para>Creates a JSON template from an existing GDAP Relationship.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Creates a JSON template from an existing GDAP Relationship.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Export-GDAPTemplateFromExistingRelationship</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>GDAPRelationshipID</maml:name> <maml:description> <maml:para>The GDAP relationship ID to use for template details lookup.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Detailed</maml:name> <maml:description> <maml:para>Flag to indicate that role and security group details should be included in the template.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash, defaults to the v1.0 Graph API. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>GDAPRelationshipID</maml:name> <maml:description> <maml:para>The GDAP relationship ID to use for template details lookup.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Detailed</maml:name> <maml:description> <maml:para>Flag to indicate that role and security group details should be included in the template.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash, defaults to the v1.0 Graph API. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>String. Relationship ID of an existing GDAP Relationship.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>String. JSON formatted string containing the details of an existing GDAP Relationship in template form.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title> <dev:code>Export-GDAPTemplateFromExistingRelationship -GDAPRelationshipID $GDAPRelationshipID -Detailed { "Roles": [ { "Name": "<RoleName1>", "RoleDefinitionId": "<RoleGuid1>", "Description": "<RoleDescription1>" }, { "Name": "<RoleName2>", "RoleDefinitionId": "<RoleGuid2>", "Description": "<RoleDescription2>" }, { "Name": "<RoleName3>", "RoleDefinitionId": "<RoleGuid3>", "Description": "<RoleDescription3>" } ], "AccessAssignment": [ { "accessContainer": { "accessContainerId": "6c594a13-bb0c-4884-b91f-194f69107b0e", }, "accessDetails": { "unifiedRoles": [ { "roleDefinitionId": "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" }, { "roleDefinitionId": "44367163-eba1-44c3-98af-f5787879f96a" }, ] } }, { "accessContainer": { "accessContainerId": "3d708049-cf12-404f-88c2-aeaa672eae3e", }, "accessDetails": { "unifiedRoles": [ { "roleDefinitionId": "29232cdf-9323-42fd-ade2-1d097af3e4de" }, { "roleDefinitionId": "f2ef992c-3afb-46b9-b7cf-a126ee74c451" }, { "roleDefinitionId": "729827e3-9c14-49f7-bb1b-9608f156bbb8" }, ] } } ], "Duration": "P730D", "AutoExtendDuration": "P180D", "AutoExtendRelationship": true }</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>https://bitbucket.org/BEMA-Primary/gdaprelationships/src/main/docs/Export-GDAPTemplateFromExistingRelationship.md</maml:linkText> <maml:uri>https://bitbucket.org/BEMA-Primary/gdaprelationships/src/main/docs/Export-GDAPTemplateFromExistingRelationship.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://learn.microsoft.com/en-us/partner-center/gdap-least-privileged-roles-by-task</maml:linkText> <maml:uri>https://learn.microsoft.com/en-us/partner-center/gdap-least-privileged-roles-by-task</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-GDAPAccessRolebyNameorId</command:name> <command:verb>Get</command:verb> <command:noun>GDAPAccessRolebyNameorId</command:noun> <maml:description> <maml:para>Looks up the name or GUID of an Entra ID GDAP Role and returns the GDAP Role details.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Looks up the name or GUID of an Entra ID GDAP Role and returns the GDAP Role details.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-GDAPAccessRolebyNameorId</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>RoleDefinition</maml:name> <maml:description> <maml:para>The Role Definition string(s) to find matching Role Name or Role ID GUID with. Checks what input was provided and automatically chooses if Name or Id should be returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>ReturnID</maml:name> <maml:description> <maml:para>Flag to indicate that only the roleDefinitionID should be returned in List<String> format.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>RoleDefinition</maml:name> <maml:description> <maml:para>The Role Definition string(s) to find matching Role Name or Role ID GUID with. Checks what input was provided and automatically chooses if Name or Id should be returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>ReturnID</maml:name> <maml:description> <maml:para>Flag to indicate that only the roleDefinitionID should be returned in List<String> format.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>String. String or list of strings to lookup the Role Definition with.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>List<Object>. Returns list of found object(s) with their Role Name, Id, and Description. Will return a list of strings with roleDefinition if "ReturnID" is specified.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title> <dev:code>Get-GDAPAccessRolebyNameorId -RoleDefinition "Directory Readers" { "Name": "Directory Readers", "RoleDefinitionId": "88d8e3e3-8f55-4a1e-953a-9b9898b8876b", "Description": "Can read basic directory information. Commonly used to grant directory read access to applications and guests." }</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- EXAMPLE 2 --------------------------</maml:title> <dev:code>Get-GDAPAccessRolebyNameorId -RoleDefinition "4a5d8f65-41da-4de4-8968-e035b65339cf", "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" [ { "Name": "Reports Reader", "RoleDefinitionId": "4a5d8f65-41da-4de4-8968-e035b65339cf", "Description": "Can read sign-in and audit reports." }, { "Name": "Directory Readers", "RoleDefinitionId": "88d8e3e3-8f55-4a1e-953a-9b9898b8876b", "Description": "Can read basic directory information. Commonly used to grant directory read access to applications and guests." } ]</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>https://bitbucket.org/BEMA-Primary/gdaprelationships/src/main/docs/Get-GDAPAccessRolebyNameorId.md</maml:linkText> <maml:uri>https://bitbucket.org/BEMA-Primary/gdaprelationships/src/main/docs/Get-GDAPAccessRolebyNameorId.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://learn.microsoft.com/en-us/partner-center/gdap-least-privileged-roles-by-task</maml:linkText> <maml:uri>https://learn.microsoft.com/en-us/partner-center/gdap-least-privileged-roles-by-task</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-GDAPRelationship</command:name> <command:verb>Get</command:verb> <command:noun>GDAPRelationship</command:noun> <maml:description> <maml:para>Retrieves all, filtered, or specific existing GDAP relationships for the current tenant.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Retrieves all, filtered, or specific existing GDAP relationships for the current tenant.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-GDAPRelationship</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GDAPRelationshipID</maml:name> <maml:description> <maml:para>The GDAP relationship ID provided during the GDAP relationship request creation process.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Detailed</maml:name> <maml:description> <maml:para>Flag to indicate that the returned value should include the accessAssignment role names and descriptions. Adds accessDetails.unifiedRoles.Name and accessDetails.unifiedRoles.Description to the delegatedAdminRelationship object type.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-GDAPRelationship</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Filter used to search relationships based on a specific value, uses OData query parameters. e.g. contains(customer/displayName,'Client') and status eq 'active' e.g. displayName eq 'DisplayName'</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Detailed</maml:name> <maml:description> <maml:para>Flag to indicate that the returned value should include the accessAssignment role names and descriptions. Adds accessDetails.unifiedRoles.Name and accessDetails.unifiedRoles.Description to the delegatedAdminRelationship object type.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GDAPRelationshipID</maml:name> <maml:description> <maml:para>The GDAP relationship ID provided during the GDAP relationship request creation process.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Filter used to search relationships based on a specific value, uses OData query parameters. e.g. contains(customer/displayName,'Client') and status eq 'active' e.g. displayName eq 'DisplayName'</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Detailed</maml:name> <maml:description> <maml:para>Flag to indicate that the returned value should include the accessAssignment role names and descriptions. Adds accessDetails.unifiedRoles.Name and accessDetails.unifiedRoles.Description to the delegatedAdminRelationship object type.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None. You can't pipe objects to Get-GDAPRelationship.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>List<System.Object>. Returns a List of Objects with contents of type delegatedAdminRelationship.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title> <dev:code>Get-GDAPRelationship -Detailed</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- EXAMPLE 2 --------------------------</maml:title> <dev:code>Get-GDAPRelationship -GDAPRelationshipId $GDAPRelationshipId</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- EXAMPLE 3 --------------------------</maml:title> <dev:code>Get-GDAPRelationship -Filter "contains(customer/displayName,'Client') and status eq 'active'"</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>https://bitbucket.org/BEMA-Primary/gdaprelationships/src/main/docs/Get-GDAPRelationship.md</maml:linkText> <maml:uri>https://bitbucket.org/BEMA-Primary/gdaprelationships/src/main/docs/Get-GDAPRelationship.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://learn.microsoft.com/en-us/graph/api/tenantrelationship-list-delegatedadminrelationships</maml:linkText> <maml:uri>https://learn.microsoft.com/en-us/graph/api/tenantrelationship-list-delegatedadminrelationships</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://learn.microsoft.com/en-us/graph/api/resources/delegatedadminrelationship</maml:linkText> <maml:uri>https://learn.microsoft.com/en-us/graph/api/resources/delegatedadminrelationship</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-GDAPRelationshipAccessAssignment</command:name> <command:verb>Get</command:verb> <command:noun>GDAPRelationshipAccessAssignment</command:noun> <maml:description> <maml:para>Retrieves assigned access privileges by group given a GDAP Relationship ID with optional filtering by groups or OData filter query.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Retrieves assigned access privileges by group given a GDAP Relationship ID with optional filtering by groups or OData filter query.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-GDAPRelationshipAccessAssignment</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>GDAPRelationshipID</maml:name> <maml:description> <maml:para>The GDAP relationship ID to use for accessAssignments lookup.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>AccessAssignmentId</maml:name> <maml:description> <maml:para>The unique ID of the accessAssignment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Detailed</maml:name> <maml:description> <maml:para>Flag to indicate that the returned value should include the group displayName and accessAssignment role names and descriptions. Adds delegatedAdminRelationshipId, accessContainer.accessContainerDisplayName, accessDetails.unifiedRoles.Name, and accessDetails.unifiedRoles.Description to the delegatedAdminAccessAssignment object type.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-GDAPRelationshipAccessAssignment</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>GDAPRelationshipID</maml:name> <maml:description> <maml:para>The GDAP relationship ID to use for accessAssignments lookup.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Group</maml:name> <maml:description> <maml:para>A list of security group Object IDs or Display Names to use to filter the search. e.g. '6c594a13-bb0c-4884-b91f-194f69107b0e', '3d708049-cf12-404f-88c2-aeaa672eae3e', "Tenant Group Name"</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Active</maml:name> <maml:description> <maml:para>Flag to indicate that results should be filtered to only accessAssignments with 'active' or 'pending' states. Does not work with the Filter parameter.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Detailed</maml:name> <maml:description> <maml:para>Flag to indicate that the returned value should include the group displayName and accessAssignment role names and descriptions. Adds delegatedAdminRelationshipId, accessContainer.accessContainerDisplayName, accessDetails.unifiedRoles.Name, and accessDetails.unifiedRoles.Description to the delegatedAdminAccessAssignment object type.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-GDAPRelationshipAccessAssignment</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>GDAPRelationshipID</maml:name> <maml:description> <maml:para>The GDAP relationship ID to use for accessAssignments lookup.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Filter used to search relationships based on a specific value, uses OData query parameters. e.g. contains(accessDetails/unifiedRoles/RoleDefinitionId,'4a5d8f65-41da-4de4-8968-e035b65339cf') e.g. id eq '84c586df-0943-416e-b95f-7289cb8d3bd5'</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Detailed</maml:name> <maml:description> <maml:para>Flag to indicate that the returned value should include the group displayName and accessAssignment role names and descriptions. Adds delegatedAdminRelationshipId, accessContainer.accessContainerDisplayName, accessDetails.unifiedRoles.Name, and accessDetails.unifiedRoles.Description to the delegatedAdminAccessAssignment object type.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-GDAPRelationshipAccessAssignment</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>GDAPRelationshipID</maml:name> <maml:description> <maml:para>The GDAP relationship ID to use for accessAssignments lookup.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Active</maml:name> <maml:description> <maml:para>Flag to indicate that results should be filtered to only accessAssignments with 'active' or 'pending' states. Does not work with the Filter parameter.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Detailed</maml:name> <maml:description> <maml:para>Flag to indicate that the returned value should include the group displayName and accessAssignment role names and descriptions. Adds delegatedAdminRelationshipId, accessContainer.accessContainerDisplayName, accessDetails.unifiedRoles.Name, and accessDetails.unifiedRoles.Description to the delegatedAdminAccessAssignment object type.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>GDAPRelationshipID</maml:name> <maml:description> <maml:para>The GDAP relationship ID to use for accessAssignments lookup.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>AccessAssignmentId</maml:name> <maml:description> <maml:para>The unique ID of the accessAssignment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Group</maml:name> <maml:description> <maml:para>A list of security group Object IDs or Display Names to use to filter the search. e.g. '6c594a13-bb0c-4884-b91f-194f69107b0e', '3d708049-cf12-404f-88c2-aeaa672eae3e', "Tenant Group Name"</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Filter used to search relationships based on a specific value, uses OData query parameters. e.g. contains(accessDetails/unifiedRoles/RoleDefinitionId,'4a5d8f65-41da-4de4-8968-e035b65339cf') e.g. id eq '84c586df-0943-416e-b95f-7289cb8d3bd5'</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Active</maml:name> <maml:description> <maml:para>Flag to indicate that results should be filtered to only accessAssignments with 'active' or 'pending' states. Does not work with the Filter parameter.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Detailed</maml:name> <maml:description> <maml:para>Flag to indicate that the returned value should include the group displayName and accessAssignment role names and descriptions. Adds delegatedAdminRelationshipId, accessContainer.accessContainerDisplayName, accessDetails.unifiedRoles.Name, and accessDetails.unifiedRoles.Description to the delegatedAdminAccessAssignment object type.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None. You can't pipe objects to Get-GDAPRelationshipAccessAssignment.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>List<System.Object>. Returns a List of Objects with contents of type delegatedAdminAccessAssignment.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title> <dev:code>Get-GDAPRelationshipAccessAssignment -GDAPRelationshipId $GDAPRelationshipId -Group "Tenant Group Name" -Detailed [ { "@odata.type": "#microsoft.graph.delegatedAdminAccessAssignment", "@odata.etag": "W/\"JyIwMDAwMDI5OC0wMDAwLTAyMDAtMDAwMC02MjJiZTA0YjAwMDAiJw==\"", "id": "84c586df-0943-416e-b95f-7289cb8d3bd5", "delegatedAdminRelationshipId": "72a7ae7e-4887-4e34-9755-2e1e9b26b943-63f017cb-9e0d-4f14-94bd-4871902b3409" "status": "active", "createdDateTime": "2022-03-07T22:55:18.6780449Z", "lastModifiedDateTime": "2022-03-11T23:50:35.8970153Z", "accessContainer": { "accessContainerId": "227a2f44-2682-4831-a021-f8d69a34bcba", "accessContainerType": "securityGroup", "accessContainerDisplayName": "Tenant Group Name" }, "accessDetails": { "unifiedRoles": [ { "Name": "Reports Reader", "RoleDefinitionId": "4a5d8f65-41da-4de4-8968-e035b65339cf", "Description": "Can read sign-in and audit reports." }, { "Name": "Directory Readers", "RoleDefinitionId": "88d8e3e3-8f55-4a1e-953a-9b9898b8876b", "Description": "Can read basic directory information. Commonly used to grant directory read access to applications and guests." } ] } ]</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- EXAMPLE 2 --------------------------</maml:title> <dev:code>Get-GDAPRelationshipAccessAssignment -GDAPRelationshipId $GDAPRelationshipId -Filter "id in ('84c586df-0943-416e-b95f-7289cb8d3bd5', '8d56bce3-440f-4b4f-b5c2-cc0bcbd0199c')" [ { "@odata.type": "#microsoft.graph.delegatedAdminAccessAssignment", "@odata.etag": "W/\"JyIwMDAwMDI5OC0wMDAwLTAyMDAtMDAwMC02MjJiZTA0YjAwMDAiJw==\"", "id": "84c586df-0943-416e-b95f-7289cb8d3bd5", "status": "active", "createdDateTime": "2022-03-07T22:55:18.6780449Z", "lastModifiedDateTime": "2022-03-11T23:50:35.8970153Z", "accessContainer": { "accessContainerId": "6c594a13-bb0c-4884-b91f-194f69107b0e", "accessContainerType": "securityGroup" }, "accessDetails": { "unifiedRoles": [ { "roleDefinitionId": "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" }, { "roleDefinitionId": "44367163-eba1-44c3-98af-f5787879f96a" }, { "roleDefinitionId": "29232cdf-9323-42fd-ade2-1d097af3e4de" }, { "roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10" } ] } }, { "@odata.type": "#microsoft.graph.delegatedAdminAccessAssignment", "@odata.etag": "W/\"JyIwMDAwMjAwOC0wMDAwLTAyMDAtMDAwMC02MjJhYWQzYjAwMDAiJw==\"", "id": "8d56bce3-440f-4b4f-b5c2-cc0bcbd0199c", "status": "active", "createdDateTime": "2022-03-10T23:50:35.8970153Z", "lastModifiedDateTime": "2022-03-11T02:00:27.7912161Z", "accessContainer": { "accessContainerId": "3d708049-cf12-404f-88c2-aeaa672eae3e", "accessContainerType": "securityGroup" }, "accessDetails": { "unifiedRoles": [ { "roleDefinitionId": "29232cdf-9323-42fd-ade2-1d097af3e4de" }, { "roleDefinitionId": "f2ef992c-3afb-46b9-b7cf-a126ee74c451" }, { "roleDefinitionId": "729827e3-9c14-49f7-bb1b-9608f156bbb8" }, { "roleDefinitionId": "3a2c62db-5318-420d-8d74-23affee5d9d5" } ] } } ]</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>https://bitbucket.org/BEMA-Primary/gdaprelationships/src/main/docs/Get-GDAPRelationshipAccessAssignment.md</maml:linkText> <maml:uri>https://bitbucket.org/BEMA-Primary/gdaprelationships/src/main/docs/Get-GDAPRelationshipAccessAssignment.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://learn.microsoft.com/en-us/graph/api/delegatedadminrelationship-list-accessassignments</maml:linkText> <maml:uri>https://learn.microsoft.com/en-us/graph/api/delegatedadminrelationship-list-accessassignments</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://learn.microsoft.com/en-us/graph/api/resources/delegatedadminaccessassignment</maml:linkText> <maml:uri>https://learn.microsoft.com/en-us/graph/api/resources/delegatedadminaccessassignment</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-GDAPRelationshipRequestLink</command:name> <command:verb>Get</command:verb> <command:noun>GDAPRelationshipRequestLink</command:noun> <maml:description> <maml:para>Builds the GDAP Request link and optionally the IndirectReseller link and boilerplate email text.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Builds the GDAP Request link and optionally the IndirectReseller link and boilerplate email text.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-GDAPRelationshipRequestLink</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>GDAPRelationshipID</maml:name> <maml:description> <maml:para>The GDAP relationship ID provided during the GDAP relationship request creation process.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>IndirectResellerLink</maml:name> <maml:description> <maml:para>String containing the link that should be included as an indirect reseller link, generated from https://partner.microsoft.com/en-us/dashboard/commerce2/customers/acquire.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GenerateEmailText</maml:name> <maml:description> <maml:para>Should boilerplate email text be generated</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash, defaults to the v1.0 Graph API. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>GDAPRelationshipID</maml:name> <maml:description> <maml:para>The GDAP relationship ID provided during the GDAP relationship request creation process.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>IndirectResellerLink</maml:name> <maml:description> <maml:para>String containing the link that should be included as an indirect reseller link, generated from https://partner.microsoft.com/en-us/dashboard/commerce2/customers/acquire.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GenerateEmailText</maml:name> <maml:description> <maml:para>Should boilerplate email text be generated</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash, defaults to the v1.0 Graph API. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None. You can't pipe objects to Get-GDAPRelationshipRequestLinks.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object. Returns an Object with one or more of the contents of [string]$_.GDAPInvitationLink, [string]$_.IndirectResellerLink, or [string]$_.EmailText.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title> <dev:code>Get-GDAPRelationshipRequestLinks -GDAPRelationshipID $GDAPRelationshipID -IndirectResellerLink "https://admin.microsoft.com/Adminportal/Home?invType=IndirectResellerRelationship&partnerId=8e849ec1-2b10-4c75-b7dc-6c147a3aabae&msppId=5618430&indirectCSPId=2cc9b753-ed2c-488b-a0d0-903f5f82df76#/BillingAccounts/partner-invitation"</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>https://bitbucket.org/BEMA-Primary/gdaprelationships/src/main/docs/Get-GDAPRelationshipRequestLink.md</maml:linkText> <maml:uri>https://bitbucket.org/BEMA-Primary/gdaprelationships/src/main/docs/Get-GDAPRelationshipRequestLink.md</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Import-GDAPRoleList</command:name> <command:verb>Import</command:verb> <command:noun>GDAPRoleList</command:noun> <maml:description> <maml:para>Imports the list of available GDAP Entra ID Roles, optionally loads a custom role list from a file path or URL. If using a custom file, load this prior to running other module functions, otherwise the functions will reference the included role list.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Imports the list of available GDAP Entra ID Roles, optionally loads a custom role list from a file path or URL. If using a custom file, load this prior to running other module functions, otherwise the functions will reference the included role list.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Import-GDAPRoleList</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>RoleFile</maml:name> <maml:description> <maml:para>Local file path or URL string with the JSON file containing GDAP Entra ID roles, defaults to the included roles file.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>RoleFile</maml:name> <maml:description> <maml:para>Local file path or URL string with the JSON file containing GDAP Entra ID roles, defaults to the included roles file.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>String. File path or URL of a custom role list JSON file.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>List<Object>. Returns a list of Objects with Role Name, RoleDefinitionId, and Description (and any custom properties from a custom list).</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title> <dev:code>Import-GDAPRoleList</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- EXAMPLE 2 --------------------------</maml:title> <dev:code>Import-GDAPRoleList -RoleFile "https://example.com/rolelist.json"</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>https://bitbucket.org/BEMA-Primary/gdaprelationships/src/main/docs/Import-GDAPRoleList.md</maml:linkText> <maml:uri>https://bitbucket.org/BEMA-Primary/gdaprelationships/src/main/docs/Import-GDAPRoleList.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://learn.microsoft.com/en-us/partner-center/gdap-least-privileged-roles-by-task</maml:linkText> <maml:uri>https://learn.microsoft.com/en-us/partner-center/gdap-least-privileged-roles-by-task</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Import-GDAPTemplate</command:name> <command:verb>Import</command:verb> <command:noun>GDAPTemplate</command:noun> <maml:description> <maml:para>Imports a GDAP Template in the form of a JSON file containing the delegatedAdminAccessAssignment objects and optionally roleDefinition strings, duration, and autoExtendDuration that should be applied.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Imports a GDAP Template in the form of a JSON file containing the delegatedAdminAccessAssignment objects and optionally roleDefinition strings, duration, and autoExtendDuration that should be applied. The contents will be parsed to create the list of unique required roles for the delegatedAdminRelationship and to validate the required elements exists. The file path can be local or a URL.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Import-GDAPTemplate</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>TemplateFile</maml:name> <maml:description> <maml:para>Local file path or URL string with the JSON template file containing one or more delegatedAdminAccessAssignment objects and optionally a list of roleDefinition strings.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>SkipValidation</maml:name> <maml:description> <maml:para>Disable the validation of the template against known roles or groups.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>TemplateFile</maml:name> <maml:description> <maml:para>Local file path or URL string with the JSON template file containing one or more delegatedAdminAccessAssignment objects and optionally a list of roleDefinition strings.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>SkipValidation</maml:name> <maml:description> <maml:para>Disable the validation of the template against known roles or groups.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>String. The string with local file path or URL of the template JSON file.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object. Returns a generated template of the delegatedAdminRelationship RoleDefinition and delegatedAdminAccessAssignment Group and RoleDefinition that can be used to create or test GDAP Relationships.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title> <dev:code>Import-GDAPTemplate -TemplateFile "https://example.com/template.json" { "Roles": [ { "Name": "<RoleName1>", "RoleDefinitionId": "<RoleGuid1>", "Description": "<RoleDescription1>" }, { "Name": "<RoleName2>", "RoleDefinitionId": "<RoleGuid2>", "Description": "<RoleDescription2>" }, { "Name": "<RoleName3>", "RoleDefinitionId": "<RoleGuid3>", "Description": "<RoleDescription3>" } ], "AccessAssignment": [ { "accessContainer": { "accessContainerId": "6c594a13-bb0c-4884-b91f-194f69107b0e", }, "accessDetails": { "unifiedRoles": [ { "roleDefinitionId": "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" }, { "roleDefinitionId": "44367163-eba1-44c3-98af-f5787879f96a" }, ] } }, { "accessContainer": { "accessContainerId": "3d708049-cf12-404f-88c2-aeaa672eae3e", }, "accessDetails": { "unifiedRoles": [ { "roleDefinitionId": "29232cdf-9323-42fd-ade2-1d097af3e4de" }, { "roleDefinitionId": "f2ef992c-3afb-46b9-b7cf-a126ee74c451" }, { "roleDefinitionId": "729827e3-9c14-49f7-bb1b-9608f156bbb8" }, ] } } ], "Duration": "P730D", "AutoExtendDuration": "P180D" }</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- EXAMPLE 2 --------------------------</maml:title> <dev:code>Import-GDAPTemplate -TemplateFile "template.json" -SkipValidation</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>https://bitbucket.org/BEMA-Primary/gdaprelationships/src/main/docs/Import-GDAPTemplate.md</maml:linkText> <maml:uri>https://bitbucket.org/BEMA-Primary/gdaprelationships/src/main/docs/Import-GDAPTemplate.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://learn.microsoft.com/en-us/graph/api/resources/delegatedadminaccessassignment</maml:linkText> <maml:uri>https://learn.microsoft.com/en-us/graph/api/resources/delegatedadminaccessassignment</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://learn.microsoft.com/en-us/graph/api/resources/delegatedadminrelationship</maml:linkText> <maml:uri>https://learn.microsoft.com/en-us/graph/api/resources/delegatedadminrelationship</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-GDAPRelationship</command:name> <command:verb>New</command:verb> <command:noun>GDAPRelationship</command:noun> <maml:description> <maml:para>Creates a new GDAP Relationship with the specified parameters. Generates the display name, if required, optionally creates and locks a relatioship request for approval, and returns the created delegatedAdminRelationship object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Creates a new GDAP Relationship with the specified parameters. Generates the display name, if required, optionally creates and locks a relatioship request for approval, and returns the created delegatedAdminRelationship object.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-GDAPRelationship</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>ClientTenantName</maml:name> <maml:description> <maml:para>The display name of the client's Entra ID tenant as displayed in the client's Entra Admin Center at https://entra.microsoft.com/#view/Microsoft_AAD_IAM/TenantOverview.ReactView.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>ClientTenantID</maml:name> <maml:description> <maml:para>The client's Tenant ID Guid of their Entra ID tenant as displayed in the client's Entra Admin Center at https://entra.microsoft.com/#view/Microsoft_AAD_IAM/TenantOverview.ReactView.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GDAPRelationshipName</maml:name> <maml:description> <maml:para>Enter the name of the new GDAP relationship to create. e.g. "GDAP_2023_<Tenant_ID>"</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>RelationshipExpirationInDays</maml:name> <maml:description> <maml:para>The number of days for the GDAP relationship to live, maximum of 730 days. Defaults to 730 days. e.g. 730</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Int32</command:parameterValue> <dev:type> <maml:name>Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>730</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Duration</maml:name> <maml:description> <maml:para>The duration for the GDAP relationship to live in ISO8601 string format, maximum of 730 days. Defaults to 730 days</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>P730D</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>AutoExtendRelationship</maml:name> <maml:description> <maml:para>Switch to indicate that the "autoExtendDuration" value should be set to the allowed extend time of "P180D". Will not take effect if the Global Admin role is included in RoleIDs.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>RoleDefinition</maml:name> <maml:description> <maml:para>List of Entra ID role Guids or Names to be assigned to the specific Group. e.g. "Directory Readers","892c5842-a9a6-463a-8041-72aa08ca3cf6","69091246-20e8-4a56-aa4d-066075b2a7a8"</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>LockForApproval</maml:name> <maml:description> <maml:para>Flag to indicate that the a relationshipRequest should be created and set to LockForApproval.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Detailed</maml:name> <maml:description> <maml:para>Flag to indicate that the returned value should include the accessAssignment role names and descriptions. Adds accessDetails.unifiedRoles.Name and accessDetails.unifiedRoles.Description to the delegatedAdminRelationship object type.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash, defaults to the v1.0 Graph API. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>New-GDAPRelationship</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>ClientTenantName</maml:name> <maml:description> <maml:para>The display name of the client's Entra ID tenant as displayed in the client's Entra Admin Center at https://entra.microsoft.com/#view/Microsoft_AAD_IAM/TenantOverview.ReactView.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>ClientTenantID</maml:name> <maml:description> <maml:para>The client's Tenant ID Guid of their Entra ID tenant as displayed in the client's Entra Admin Center at https://entra.microsoft.com/#view/Microsoft_AAD_IAM/TenantOverview.ReactView.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GDAPRelationshipName</maml:name> <maml:description> <maml:para>Enter the name of the new GDAP relationship to create. e.g. "GDAP_2023_<Tenant_ID>"</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>RelationshipExpirationInDays</maml:name> <maml:description> <maml:para>The number of days for the GDAP relationship to live, maximum of 730 days. Defaults to 730 days. e.g. 730</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Int32</command:parameterValue> <dev:type> <maml:name>Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>730</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Duration</maml:name> <maml:description> <maml:para>The duration for the GDAP relationship to live in ISO8601 string format, maximum of 730 days. Defaults to 730 days</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>P730D</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>AutoExtendRelationship</maml:name> <maml:description> <maml:para>Switch to indicate that the "autoExtendDuration" value should be set to the allowed extend time of "P180D". Will not take effect if the Global Admin role is included in RoleIDs.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>RoleDefinition</maml:name> <maml:description> <maml:para>List of Entra ID role Guids or Names to be assigned to the specific Group. e.g. "Directory Readers","892c5842-a9a6-463a-8041-72aa08ca3cf6","69091246-20e8-4a56-aa4d-066075b2a7a8"</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>LockForApproval</maml:name> <maml:description> <maml:para>Flag to indicate that the a relationshipRequest should be created and set to LockForApproval.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Detailed</maml:name> <maml:description> <maml:para>Flag to indicate that the returned value should include the accessAssignment role names and descriptions. Adds accessDetails.unifiedRoles.Name and accessDetails.unifiedRoles.Description to the delegatedAdminRelationship object type.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash, defaults to the v1.0 Graph API. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>New-GDAPRelationship</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>ClientTenantName</maml:name> <maml:description> <maml:para>The display name of the client's Entra ID tenant as displayed in the client's Entra Admin Center at https://entra.microsoft.com/#view/Microsoft_AAD_IAM/TenantOverview.ReactView.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>ClientTenantID</maml:name> <maml:description> <maml:para>The client's Tenant ID Guid of their Entra ID tenant as displayed in the client's Entra Admin Center at https://entra.microsoft.com/#view/Microsoft_AAD_IAM/TenantOverview.ReactView.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>RelationshipExpirationInDays</maml:name> <maml:description> <maml:para>The number of days for the GDAP relationship to live, maximum of 730 days. Defaults to 730 days. e.g. 730</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Int32</command:parameterValue> <dev:type> <maml:name>Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>730</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Duration</maml:name> <maml:description> <maml:para>The duration for the GDAP relationship to live in ISO8601 string format, maximum of 730 days. Defaults to 730 days</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>P730D</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>AutoExtendRelationship</maml:name> <maml:description> <maml:para>Switch to indicate that the "autoExtendDuration" value should be set to the allowed extend time of "P180D". Will not take effect if the Global Admin role is included in RoleIDs.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>RelationshipPrefix</maml:name> <maml:description> <maml:para>The prefix to use in the generated GDAP relationship name. e.g. CompName</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>RoleDefinition</maml:name> <maml:description> <maml:para>List of Entra ID role Guids or Names to be assigned to the specific Group. e.g. "Directory Readers","892c5842-a9a6-463a-8041-72aa08ca3cf6","69091246-20e8-4a56-aa4d-066075b2a7a8"</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>LockForApproval</maml:name> <maml:description> <maml:para>Flag to indicate that the a relationshipRequest should be created and set to LockForApproval.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Detailed</maml:name> <maml:description> <maml:para>Flag to indicate that the returned value should include the accessAssignment role names and descriptions. Adds accessDetails.unifiedRoles.Name and accessDetails.unifiedRoles.Description to the delegatedAdminRelationship object type.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash, defaults to the v1.0 Graph API. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>New-GDAPRelationship</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>ClientTenantName</maml:name> <maml:description> <maml:para>The display name of the client's Entra ID tenant as displayed in the client's Entra Admin Center at https://entra.microsoft.com/#view/Microsoft_AAD_IAM/TenantOverview.ReactView.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>ClientTenantID</maml:name> <maml:description> <maml:para>The client's Tenant ID Guid of their Entra ID tenant as displayed in the client's Entra Admin Center at https://entra.microsoft.com/#view/Microsoft_AAD_IAM/TenantOverview.ReactView.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>RelationshipExpirationInDays</maml:name> <maml:description> <maml:para>The number of days for the GDAP relationship to live, maximum of 730 days. Defaults to 730 days. e.g. 730</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Int32</command:parameterValue> <dev:type> <maml:name>Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>730</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Duration</maml:name> <maml:description> <maml:para>The duration for the GDAP relationship to live in ISO8601 string format, maximum of 730 days. Defaults to 730 days</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>P730D</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>AutoExtendRelationship</maml:name> <maml:description> <maml:para>Switch to indicate that the "autoExtendDuration" value should be set to the allowed extend time of "P180D". Will not take effect if the Global Admin role is included in RoleIDs.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>RelationshipPrefix</maml:name> <maml:description> <maml:para>The prefix to use in the generated GDAP relationship name. e.g. CompName</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>RoleDefinition</maml:name> <maml:description> <maml:para>List of Entra ID role Guids or Names to be assigned to the specific Group. e.g. "Directory Readers","892c5842-a9a6-463a-8041-72aa08ca3cf6","69091246-20e8-4a56-aa4d-066075b2a7a8"</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>LockForApproval</maml:name> <maml:description> <maml:para>Flag to indicate that the a relationshipRequest should be created and set to LockForApproval.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Detailed</maml:name> <maml:description> <maml:para>Flag to indicate that the returned value should include the accessAssignment role names and descriptions. Adds accessDetails.unifiedRoles.Name and accessDetails.unifiedRoles.Description to the delegatedAdminRelationship object type.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash, defaults to the v1.0 Graph API. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>ClientTenantName</maml:name> <maml:description> <maml:para>The display name of the client's Entra ID tenant as displayed in the client's Entra Admin Center at https://entra.microsoft.com/#view/Microsoft_AAD_IAM/TenantOverview.ReactView.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>ClientTenantID</maml:name> <maml:description> <maml:para>The client's Tenant ID Guid of their Entra ID tenant as displayed in the client's Entra Admin Center at https://entra.microsoft.com/#view/Microsoft_AAD_IAM/TenantOverview.ReactView.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GDAPRelationshipName</maml:name> <maml:description> <maml:para>Enter the name of the new GDAP relationship to create. e.g. "GDAP_2023_<Tenant_ID>"</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>RelationshipExpirationInDays</maml:name> <maml:description> <maml:para>The number of days for the GDAP relationship to live, maximum of 730 days. Defaults to 730 days. e.g. 730</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Int32</command:parameterValue> <dev:type> <maml:name>Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>730</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Duration</maml:name> <maml:description> <maml:para>The duration for the GDAP relationship to live in ISO8601 string format, maximum of 730 days. Defaults to 730 days</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>P730D</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>AutoExtendRelationship</maml:name> <maml:description> <maml:para>Switch to indicate that the "autoExtendDuration" value should be set to the allowed extend time of "P180D". Will not take effect if the Global Admin role is included in RoleIDs.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>RelationshipPrefix</maml:name> <maml:description> <maml:para>The prefix to use in the generated GDAP relationship name. e.g. CompName</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>RoleDefinition</maml:name> <maml:description> <maml:para>List of Entra ID role Guids or Names to be assigned to the specific Group. e.g. "Directory Readers","892c5842-a9a6-463a-8041-72aa08ca3cf6","69091246-20e8-4a56-aa4d-066075b2a7a8"</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>LockForApproval</maml:name> <maml:description> <maml:para>Flag to indicate that the a relationshipRequest should be created and set to LockForApproval.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Detailed</maml:name> <maml:description> <maml:para>Flag to indicate that the returned value should include the accessAssignment role names and descriptions. Adds accessDetails.unifiedRoles.Name and accessDetails.unifiedRoles.Description to the delegatedAdminRelationship object type.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash, defaults to the v1.0 Graph API. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None. You can't pipe objects to New-GDAPRelationship.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object. Returns a PSObject with contents of type delegatedAdminRelationship.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title> <dev:code>New-GDAPRelationship -ClientTenantName "Client Tenant Name" -ClientTenantID "<TenantGUID>" -RelationshipPrefix "<PartnerOrgName>" -RoleDefinition "<Role1>","<Role2>","<Role3>" -LockForApproval -Detailed -GraphBaseURL "https://graph.microsoft.com/v1.0/" { "@odata.type": "#microsoft.graph.delegatedAdminRelationship", "accessDetails": { "unifiedRoles": [ { "Name": "<RoleName1>", "RoleDefinitionId": "<RoleGuid1>", "Description": "<RoleDescription1>" }, { "Name": "<RoleName2>", "RoleDefinitionId": "<RoleGuid2>", "Description": "<RoleDescription2>" }, { "Name": "<RoleName3>", "RoleDefinitionId": "<RoleGuid3>", "Description": "<RoleDescription3>" } ] }, "customer": { "displayName": "Client Tenant Name", "tenantId": "<TenantGUID>" }, "displayName": "<PartnerOrgName>_<Year>_<TenantGUID>", "duration": "P730D", "id": "b9236c36-db8a-4945-97d0-6ef64df0c78b-1917a718-62fc-42f2-9712-33fcc2444049" }</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- EXAMPLE 2 --------------------------</maml:title> <dev:code>New-GDAPRelationship -GDAPRelationshipName "NewClient_2023_GDAPRelationship" -RoleDefinition $RoleIDs -GraphBaseURL "https://graph.microsoft.com/v1.0/" { "@odata.type": "#microsoft.graph.delegatedAdminRelationship", "accessDetails": {"@odata.type": "microsoft.graph.delegatedAdminAccessDetails"}, "customer": {"@odata.type": "microsoft.graph.delegatedAdminRelationshipCustomerParticipant"}, "displayName": "NewClient_2023_GDAPRelationship", "duration": "P730D", "id": "cc61b71e-ab8e-413e-8e0d-0b93c98cc17d-6f3b3e13-9c0a-410d-9c1f-db65119437ab" }</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>https://bitbucket.org/BEMA-Primary/gdaprelationships/src/main/docs/New-GDAPRelationship.md</maml:linkText> <maml:uri>https://bitbucket.org/BEMA-Primary/gdaprelationships/src/main/docs/New-GDAPRelationship.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://learn.microsoft.com/en-us/graph/api/tenantrelationship-post-delegatedadminrelationships</maml:linkText> <maml:uri>https://learn.microsoft.com/en-us/graph/api/tenantrelationship-post-delegatedadminrelationships</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://learn.microsoft.com/en-us/graph/api/resources/delegatedadminrelationship</maml:linkText> <maml:uri>https://learn.microsoft.com/en-us/graph/api/resources/delegatedadminrelationship</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-GDAPRelationshipAccessAssignment</command:name> <command:verb>New</command:verb> <command:noun>GDAPRelationshipAccessAssignment</command:noun> <maml:description> <maml:para>Assign the supplied Security Group with attached Entra ID role IDs to the specified GDAP Relationship.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Assign the supplied Security Group with attached Entra ID role IDs to the specified GDAP Relationship. Checks for and requires that the GDAP Relationship be in a valid state.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-GDAPRelationshipAccessAssignment</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>GDAPRelationshipID</maml:name> <maml:description> <maml:para>The GDAP relationship ID provided during the GDAP relationship request creation process.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="2" aliases="none"> <maml:name>Group</maml:name> <maml:description> <maml:para>Entra ID Group Object ID Guid or Display Name to assign specific Entra ID roles.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="3" aliases="none"> <maml:name>RoleDefinition</maml:name> <maml:description> <maml:para>List of Entra ID role Guids or Names to be assigned to the specific Group. e.g. "Directory Readers","892c5842-a9a6-463a-8041-72aa08ca3cf6","69091246-20e8-4a56-aa4d-066075b2a7a8"</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Detailed</maml:name> <maml:description> <maml:para>Flag to indicate that the returned value should include the group displayName and accessAssignment role names and descriptions. Adds delegatedAdminRelationshipId, accessContainer.accessContainerDisplayName, accessDetails.unifiedRoles.Name, and accessDetails.unifiedRoles.Description to the delegatedAdminAccessAssignment object type.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash, defaults to the v1.0 Graph API. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>GDAPRelationshipID</maml:name> <maml:description> <maml:para>The GDAP relationship ID provided during the GDAP relationship request creation process.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="2" aliases="none"> <maml:name>Group</maml:name> <maml:description> <maml:para>Entra ID Group Object ID Guid or Display Name to assign specific Entra ID roles.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="3" aliases="none"> <maml:name>RoleDefinition</maml:name> <maml:description> <maml:para>List of Entra ID role Guids or Names to be assigned to the specific Group. e.g. "Directory Readers","892c5842-a9a6-463a-8041-72aa08ca3cf6","69091246-20e8-4a56-aa4d-066075b2a7a8"</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Detailed</maml:name> <maml:description> <maml:para>Flag to indicate that the returned value should include the group displayName and accessAssignment role names and descriptions. Adds delegatedAdminRelationshipId, accessContainer.accessContainerDisplayName, accessDetails.unifiedRoles.Name, and accessDetails.unifiedRoles.Description to the delegatedAdminAccessAssignment object type.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash, defaults to the v1.0 Graph API. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None. You can't pipe objects to New-GDAPRelationshipAccessAssignment.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object. Returns a PSObject with contents of type delegatedAdminAccessAssignment.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title> <dev:code>New-GDAPRelationshipAccessAssignment -GDAPRelationshipId $GDAPRelationshipId -Group "2e7731c4-4d77-42fb-83dd-a876dc1167f5" -RoleDefinition "Directory Readers","88d8e3e3-8f55-4a1e-953a-9b9898b8876b" -Detailed -GraphBaseURL "https://graph.microsoft.com/v1.0/" { "@odata.type": "#microsoft.graph.delegatedAdminAccessAssignment", "@odata.context": "https://graph.microsoft.com/v1.0/tenantRelationships/$metadata#accessAssignments", "@odata.etag": "W/\"JyIxODAwZTY4My0wMDAwLTAyMDAtMDAwMC02MTU0OWFmMDAwMDAiJw==\"", "id": "a9d6cf90-083a-47dc-ace2-1da98be3f344", "delegatedAdminRelationshipId": "72a7ae7e-4887-4e34-9755-2e1e9b26b943-63f017cb-9e0d-4f14-94bd-4871902b3409" "status": "pending", "createdDateTime": "2022-02-13T10:33:52.3182097Z", "lastModifiedDateTime": "2022-02-13T10:33:52.3182097Z", "accessContainer": { "accessContainerId": "2e7731c4-4d77-42fb-83dd-a876dc1167f5", "accessContainerType": "securityGroup", "accessContainerDisplayName": "Tenant Group Name" }, "accessDetails": { "unifiedRoles": [ { "Name": "Reports Reader", "RoleDefinitionId": "4a5d8f65-41da-4de4-8968-e035b65339cf", "Description": "Can read sign-in and audit reports." }, { "Name": "Directory Readers", "RoleDefinitionId": "88d8e3e3-8f55-4a1e-953a-9b9898b8876b", "Description": "Can read basic directory information. Commonly used to grant directory read access to applications and guests." }, ] } }</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- EXAMPLE 2 --------------------------</maml:title> <dev:code>New-GDAPRelationshipAccessAssignment -GDAPRelationshipId $GDAPRelationshipId -Group "Tenant Access Group" -RoleDefinition "Directory Readers", "Exchange Administrator" -GraphBaseURL "https://graph.microsoft.com/v1.0/"</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>https://bitbucket.org/BEMA-Primary/gdaprelationships/src/main/docs/New-GDAPRelationshipAccessAssignment.md</maml:linkText> <maml:uri>https://bitbucket.org/BEMA-Primary/gdaprelationships/src/main/docs/New-GDAPRelationshipAccessAssignment.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://learn.microsoft.com/en-us/graph/api/delegatedadminrelationship-post-accessassignments</maml:linkText> <maml:uri>https://learn.microsoft.com/en-us/graph/api/delegatedadminrelationship-post-accessassignments</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://learn.microsoft.com/en-us/graph/api/resources/delegatedadminaccessassignment</maml:linkText> <maml:uri>https://learn.microsoft.com/en-us/graph/api/resources/delegatedadminaccessassignment</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-GDAPRelationship</command:name> <command:verb>Remove</command:verb> <command:noun>GDAPRelationship</command:noun> <maml:description> <maml:para>Terminates or removes an existing GDAP Relationship depending on the current status.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Terminates or removes an existing GDAP Relationship depending on the current status. Verifies the status is capable of being terminated.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-GDAPRelationship</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>GDAPRelationshipObject</maml:name> <maml:description> <maml:para>delegatedAdminRelationship Object containing, at minimum, GDAP Relationship ID ( .Id), OData eTag ($ ."@odata.etag"), and status ($_.status).</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Object</command:parameterValue> <dev:type> <maml:name>Object</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash, defaults to the v1.0 Graph API. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Remove-GDAPRelationship</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>GDAPRelationshipID</maml:name> <maml:description> <maml:para>The GDAP relationship ID provided during the GDAP relationship request creation process.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash, defaults to the v1.0 Graph API. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>GDAPRelationshipObject</maml:name> <maml:description> <maml:para>delegatedAdminRelationship Object containing, at minimum, GDAP Relationship ID ( .Id), OData eTag ($ ."@odata.etag"), and status ($_.status).</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Object</command:parameterValue> <dev:type> <maml:name>Object</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>GDAPRelationshipID</maml:name> <maml:description> <maml:para>The GDAP relationship ID provided during the GDAP relationship request creation process.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash, defaults to the v1.0 Graph API. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.Object. Type of delegatedAdminRelationship.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Bool. Returns a bool with status of the termination request.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title> <dev:code>Remove-GDAPRelationship -GDAPRelationshipObject @{id = "d54ed5c2-54d9-4c10-9350-c583192bd7e5-8f18a69b-1c57-4e4b-8b9a-5072c151f077"; '@odata.etag' = 'W/"JyIzMjAwOTVkYy0wMDAwLTE4MDAtMDAwMC02NGY2NjAxMTAwMDAiJw=="'; status = "active"} -GraphBaseURL "https://graph.microsoft.com/v1.0/" $true</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>https://bitbucket.org/BEMA-Primary/gdaprelationships/src/main/docs/Remove-GDAPRelationship.md</maml:linkText> <maml:uri>https://bitbucket.org/BEMA-Primary/gdaprelationships/src/main/docs/Remove-GDAPRelationship.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://learn.microsoft.com/en-us/graph/api/delegatedadminrelationship-delete</maml:linkText> <maml:uri>https://learn.microsoft.com/en-us/graph/api/delegatedadminrelationship-delete</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://learn.microsoft.com/en-us/graph/api/resources/delegatedadminrelationship</maml:linkText> <maml:uri>https://learn.microsoft.com/en-us/graph/api/resources/delegatedadminrelationship</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-GDAPRelationshipAccessAssignment</command:name> <command:verb>Remove</command:verb> <command:noun>GDAPRelationshipAccessAssignment</command:noun> <maml:description> <maml:para>Terminates an existing GDAP Relationship Access Assignment.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Terminates an existing GDAP Relationship Access Assignment. Verifies the status is capable of being terminated.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-GDAPRelationshipAccessAssignment</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>GDAPRelationshipID</maml:name> <maml:description> <maml:para>The GDAP Relationship ID for the relationship containing the delegatedAdminAccessAssignment to be removed.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="2" aliases="none"> <maml:name>AccessAssignmentId</maml:name> <maml:description> <maml:para>The GUID formatted id of the delegatedAdminAccessAssignment to be removed.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash, defaults to the v1.0 Graph API. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Remove-GDAPRelationshipAccessAssignment</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>AccessAssignmentObject</maml:name> <maml:description> <maml:para>Object containing details from type delegatedAdminAccessAssignment, at minimum, Access Assignment ID ( .Id), OData eTag ($ ."@odata.etag"), and status ($_.status).</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Object</command:parameterValue> <dev:type> <maml:name>Object</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash, defaults to the v1.0 Graph API. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>GDAPRelationshipID</maml:name> <maml:description> <maml:para>The GDAP Relationship ID for the relationship containing the delegatedAdminAccessAssignment to be removed.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>AccessAssignmentObject</maml:name> <maml:description> <maml:para>Object containing details from type delegatedAdminAccessAssignment, at minimum, Access Assignment ID ( .Id), OData eTag ($ ."@odata.etag"), and status ($_.status).</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Object</command:parameterValue> <dev:type> <maml:name>Object</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="2" aliases="none"> <maml:name>AccessAssignmentId</maml:name> <maml:description> <maml:para>The GUID formatted id of the delegatedAdminAccessAssignment to be removed.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash, defaults to the v1.0 Graph API. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None. You can't pipe objects to New-GDAPRelationshipAccessAssignment.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Bool. Returns a bool with status of the termination request.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title> <dev:code>Remove-GDAPRelationshipAccessAssignment -GDAPRelationshipId "d54ed5c2-54d9-4c10-9350-c583192bd7e5-8f18a69b-1c57-4e4b-8b9a-5072c151f077" -GDAPRelationshipAccessAssignmentObject ` @{id = "6a252793-4bc0-4677-a96b-15813982697e"; '@odata.etag' = 'W/"JyIzMjAwOTVkYy0wMDAwLTE4MDAtMDAwMC02NGY2NjAxMTAwMDAiJw=="'; status = "active"} -GraphBaseURL "https://graph.microsoft.com/v1.0/" $true</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- EXAMPLE 2 --------------------------</maml:title> <dev:code>Remove-GDAPRelationshipAccessAssignment -GDAPRelationshipId "d54ed5c2-54d9-4c10-9350-c583192bd7e5-8f18a69b-1c57-4e4b-8b9a-5072c151f077" GDAPRelationshipAccessAssignmentId "6a252793-4bc0-4677-a96b-15813982697e" -GraphBaseURL "https://graph.microsoft.com/v1.0/" $true</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>https://bitbucket.org/BEMA-Primary/gdaprelationships/src/main/docs/Remove-GDAPRelationshipAccessAssignment.md</maml:linkText> <maml:uri>https://bitbucket.org/BEMA-Primary/gdaprelationships/src/main/docs/Remove-GDAPRelationshipAccessAssignment.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://learn.microsoft.com/en-us/graph/api/delegatedadminaccessassignment-delete</maml:linkText> <maml:uri>https://learn.microsoft.com/en-us/graph/api/delegatedadminaccessassignment-delete</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://learn.microsoft.com/en-us/graph/api/resources/delegatedadminaccessassignment</maml:linkText> <maml:uri>https://learn.microsoft.com/en-us/graph/api/resources/delegatedadminaccessassignment</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Start-GDAPRemediation</command:name> <command:verb>Start</command:verb> <command:noun>GDAPRemediation</command:noun> <maml:description> <maml:para>Begins the automated GDAP Relationship remediation process based on provided JSON Remediation templates generated from Build-GDAPRemediation.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Begins the automated GDAP Relationship remediation process based on provided JSON Remediation templates generated from Build-GDAPRemediation.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Start-GDAPRemediation</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>RemediationTemplateFile</maml:name> <maml:description> <maml:para>Local file path(s) or URL string(s) with the JSON template file(s) containing the GDAP Remediation template.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash, defaults to the v1.0 Graph API. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>RemediationTemplateFile</maml:name> <maml:description> <maml:para>Local file path(s) or URL string(s) with the JSON template file(s) containing the GDAP Remediation template.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash, defaults to the v1.0 Graph API. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="wi"> <maml:name>WhatIf</maml:name> <maml:description> <maml:para>Shows what would happen if the cmdlet runs. The cmdlet is not run.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="cf"> <maml:name>Confirm</maml:name> <maml:description> <maml:para>Prompts you for confirmation before running the cmdlet.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>List<String>.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>None.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title> <dev:code>Start-GDAPRemediation -RemediationTemplateFile $FilePath</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>https://bitbucket.org/BEMA-Primary/gdaprelationships/src/main/docs/Start-GDAPRemediation.md</maml:linkText> <maml:uri>https://bitbucket.org/BEMA-Primary/gdaprelationships/src/main/docs/Start-GDAPRemediation.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://learn.microsoft.com/en-us/partner-center/gdap-least-privileged-roles-by-task</maml:linkText> <maml:uri>https://learn.microsoft.com/en-us/partner-center/gdap-least-privileged-roles-by-task</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Test-GDAPRelationshipStatus</command:name> <command:verb>Test</command:verb> <command:noun>GDAPRelationshipStatus</command:noun> <maml:description> <maml:para>Tests if an existing GDAP Relationship matches</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Gets the list of available GDAP Entra ID Roles.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Test-GDAPRelationshipStatus</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>GDAPRelationshipID</maml:name> <maml:description> <maml:para>The GDAP relationship ID provided during the GDAP relationship request creation process.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="2" aliases="none"> <maml:name>DelegatedAdminAccessAssignment</maml:name> <maml:description> <maml:para>List containing the delegatedAdminAccessAssignment objects to validate the relationship against.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.Object]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.Object]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="3" aliases="none"> <maml:name>RoleDefinition</maml:name> <maml:description> <maml:para>List of Entra ID role Guids or role Names to compare to the list of roles assigned to the adminRelationship. e.g. "Directory Readers","892c5842-a9a6-463a-8041-72aa08ca3cf6","69091246-20e8-4a56-aa4d-066075b2a7a8"</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Differences</maml:name> <maml:description> <maml:para>Switch to enable the return of the differences between the existing and provided relationships.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash, defaults to the v1.0 Graph API. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>GDAPRelationshipID</maml:name> <maml:description> <maml:para>The GDAP relationship ID provided during the GDAP relationship request creation process.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="2" aliases="none"> <maml:name>DelegatedAdminAccessAssignment</maml:name> <maml:description> <maml:para>List containing the delegatedAdminAccessAssignment objects to validate the relationship against.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.Object]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.Object]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="3" aliases="none"> <maml:name>RoleDefinition</maml:name> <maml:description> <maml:para>List of Entra ID role Guids or role Names to compare to the list of roles assigned to the adminRelationship. e.g. "Directory Readers","892c5842-a9a6-463a-8041-72aa08ca3cf6","69091246-20e8-4a56-aa4d-066075b2a7a8"</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Differences</maml:name> <maml:description> <maml:para>Switch to enable the return of the differences between the existing and provided relationships.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>GraphBaseURL</maml:name> <maml:description> <maml:para>The base URL to use to query the Graph API with trailing slash, defaults to the v1.0 Graph API. e.g. https://graph.microsoft.com/v1.0/</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Https://graph.microsoft.com/v1.0/</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None. You can't pipe objects to Test-GDAPRelationshipStatus.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>bool or System.Object.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- EXAMPLE 1 --------------------------</maml:title> <dev:code>Test-GDAPRelationshipStatus</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>https://bitbucket.org/BEMA-Primary/gdaprelationships/src/main/docs/Test-GDAPRelationshipStatus.md</maml:linkText> <maml:uri>https://bitbucket.org/BEMA-Primary/gdaprelationships/src/main/docs/Test-GDAPRelationshipStatus.md</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://learn.microsoft.com/en-us/partner-center/gdap-least-privileged-roles-by-task</maml:linkText> <maml:uri>https://learn.microsoft.com/en-us/partner-center/gdap-least-privileged-roles-by-task</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> </helpItems> |