Public/Get-ADRole.ps1

#requires -module Microsoft.Graph.DeviceManagement.Enrolment
using namespace Microsoft.Graph.PowerShell.Models

function Get-ADRole {
    [CmdletBinding()]
    param(
        #Fetch roles for everyone, not just yourself. This usually requires additional permissions.
        [Switch]$All,
        #Only fetch activated eligible roles.
        [Parameter(ParameterSetName = 'Enabled')][Switch]$Activated,
        #The ID of the role to fetch
        $Identity,
        #An OAuth Filter to limit what is retrieved. This is ignored if Id is used
        [String]$Filter
    )

    process {
        #HACK: Cannot do this query with the existing cmdlets

        [string]$userFilter = if (-not $All) {
            "/filterByCurrentUser(on='principal')"
        } else {
            [String]::Empty
        }
        [string]$type = if ($Activated) {
            'roleAssignmentScheduleInstances'
        } else {
            'roleEligibilitySchedules'
        }
        if ($Identity) {
            $Filter = "id eq '$Identity'"
        }
        [string]$objectFilter = if ($Filter) {
            "&`$filter=$filter"
        } else {
            [String]::Empty
        }

        $requestUri = "v1.0/roleManagement/directory/${type}${userFilter}?`$expand=principal,roledefinition${objectFilter}"

        #HACK: For some reason in a cmdlet context Invoke-MgGraphRequest errors dont terminate without a try/catch
        try {
            $response = Invoke-MgGraphRequest -Uri $requestUri -ErrorAction stop -Verbose:$false |
                Select-Object -ExpandProperty Value
        } catch {
            throw (Convert-GraphHttpException $PSItem)
        }

        $typedResponse = if ($Activated) {
            [MicrosoftGraphUnifiedRoleAssignmentScheduleInstance[]]$response | Where-Object AssignmentType -EQ 'Activated'
        } else {
            [MicrosoftGraphUnifiedRoleEligibilitySchedule[]]$response
        }

        #HACK: Rehydrate directoryscopeId, there is a bug in v1.0 that prevents using $expand for this
        #Ref: https://github.com/microsoftgraph/microsoft-graph-docs/issues/16936#issuecomment-1129386441
        foreach ($scheduleItem in $typedResponse) {
            if ($scheduleItem.DirectoryScopeId -eq '/') {
                $scheduleItem.DirectoryScope.Id = '/'
            } else {
                $scheduleItem.DirectoryScope = Invoke-MgGraphRequest -Verbose:$false -Method 'get' "v1.0/directory/$($scheduleItem.DirectoryScopeId)"
            }
        }

        $typedResponse
    }
}