As Microsoft moves away from the legacy AzureAD module, it’s essential to migrate your administrative scripts to the Microsoft Graph PowerShell SDK. One such shift involves replacing Get-AzureADDirectoryRoleMember with its Graph-based equivalent: Get-MgDirectoryRoleMember.
This article explains the migration and provides real-world examples to help you make the transition with ease.
With the AzureAD module, you may have used commands like:
Get-AzureADDirectoryRoleMember -ObjectId <ObjectId>
These commands allowed you to retrieve directory roles, look them up by name, and list members in each role.
This helped you retrieve users, service principals, or groups assigned to a specific directory role. For more detailed information, additional commands like Get-AzureADUser were often used.
With the Graph PowerShell SDK, the equivalent is:
Get-MgDirectoryRoleMember -DirectoryRoleId <DirectoryRoleId>
You can also enhance the output by combining it with Get-MgUser and using features like -ExpandProperty to access nested data (e.g., managers).
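# Connect with read-only scopes for role membership and user lookups
Connect-MgGraph -Scopes "RoleManagement.Read.Directory", "User.Read.All"
$roleId = "f8cdef31-a31e-4b4a-93e4-5f571e91255a" # Replace with your DirectoryRoleId
Get-MgDirectoryRoleMember -DirectoryRoleId $roleId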
This fetches all members (users, service principals, groups) assigned to a specific directory role.
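$roleId = "f8cdef31-a31e-4b4a-93e4-5f571e91255a"
$members = Get-MgDirectoryRoleMember -DirectoryRoleId $roleId
foreach ($member in $members) {
    # Members can also be groups or service principals; Get-MgUser only resolves users
    if ($member.AdditionalProperties['@odata.type'] -ne '#microsoft.graph.user') { continue }
    Get-MgUser -UserId $member.Id | Select-Object Id, DisplayName, UserPrincipalName
}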
Use the Get-MgUser cmdlet with Get-MgDirectoryRoleMember to extract detailed user info.
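$roleId = "f8cdef31-a31e-4b4a-93e4-5f571e91255a"
$members = Get-MgDirectoryRoleMember -DirectoryRoleId $roleId
$filteredMembers = foreach ($member in $members) {
    # Skip groups and service principals; Get-MgUser only resolves users
    if ($member.AdditionalProperties['@odata.type'] -ne '#microsoft.graph.user') { continue }
    $user = Get-MgUser -UserId $member.Id
    if ($user.DisplayName -like "Admin*") {
        $user
    }
}
$filteredMembers | Select-Object Id, DisplayName, UserPrincipalName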
Filter users based on specific attributes like DisplayName, Department, or JobTitle.
$roleId = "f8cdef31-a31e-4b4a-93e4-5f571e91255a"
$members = Get-MgDirectoryRoleMember -DirectoryRoleId $roleId
foreach ($member in $members) {
    # Skip groups and service principals; Get-MgUser only resolves users
    if ($member.AdditionalProperties['@odata.type'] -ne '#microsoft.graph.user') { continue }
    $userWithManager = Get-MgUser -UserId $member.Id -ExpandProperty "manager"
    if ($userWithManager.Manager) {
        $managerDisplayName = $userWithManager.Manager.AdditionalProperties["displayName"]
        [PSCustomObject]@{
            UserId             = $userWithManager.Id
            DisplayName        = $userWithManager.DisplayName
            UserPrincipalName  = $userWithManager.UserPrincipalName
            ManagerDisplayName = $managerDisplayName
        }
    }
}
This example fetches both the role member and their manager's name using Microsoft Graph's expand feature.
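Because a directory role can be held by users, service principals, or groups, a per-user lookup alone does not show every holder of the role. The following added example (not from the original article) classifies members by the `@odata.type` value in `AdditionalProperties`; the helper name `Get-RoleMemberSummary` and the sample objects with their IDs are constructed for illustration.

```powershell
# Added example, not from the original article. Get-RoleMemberSummary is a
# hypothetical helper name. Assumes each member has Id and AdditionalProperties
# (with '@odata.type'), as objects returned by Get-MgDirectoryRoleMember do.
function Get-RoleMemberSummary {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)][object]$Member)
    process {
        $props = $Member.AdditionalProperties
        if ($null -eq $props) { $props = @{} }
        # '#microsoft.graph.user' -> 'user'; 'unknown' when the type is absent
        $type = if ($props['@odata.type']) {
            $props['@odata.type'] -replace '^#microsoft\.graph\.', ''
        } else { 'unknown' }
        # UPN identifies users, appId identifies service principals
        $identifier = switch ($type) {
            'user'             { $props['userPrincipalName'] }
            'servicePrincipal' { $props['appId'] }
            default            { $null }
        }
        [PSCustomObject]@{
            Id          = $Member.Id
            ObjectType  = $type
            DisplayName = $props['displayName']
            Identifier  = $identifier
            NeedsReview = ($type -ne 'user')  # non-user role holders get a separate look
        }
    }
}

# Constructed sample members (placeholder IDs and names, not tenant data)
$sampleMembers = @(
    [PSCustomObject]@{ Id = '00000000-0000-0000-0000-000000000001'
        AdditionalProperties = @{ '@odata.type' = '#microsoft.graph.user'
            displayName = 'Admin Alice'; userPrincipalName = 'alice@contoso.example' } }
    [PSCustomObject]@{ Id = '00000000-0000-0000-0000-000000000002'
        AdditionalProperties = @{ '@odata.type' = '#microsoft.graph.servicePrincipal'
            displayName = 'Backup Automation'; appId = '00000000-0000-0000-0000-0000000000aa' } }
    [PSCustomObject]@{ Id = '00000000-0000-0000-0000-000000000003'
        AdditionalProperties = @{ '@odata.type' = '#microsoft.graph.group'
            displayName = 'Tier0 Admins' } }
)
$sampleMembers | Get-RoleMemberSummary | Format-Table -AutoSize

# Against a tenant: Get-MgDirectoryRoleMember -DirectoryRoleId $roleId | Get-RoleMemberSummary
```

Rows with `NeedsReview` set to `True` are the service principals and groups that a `Get-MgUser` loop would not report.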
| Feature | Get-AzureADDirectoryRoleMember | Get-MgDirectoryRoleMember |
| --- | --- | --- |
| Module | AzureAD | Microsoft.Graph |
| Object Types Returned | User, Group, ServicePrincipal | Same |
| Output Detail | Moderate (includes displayName, UPN) | Minimal (ID only) |
| Manager Expansion | Not supported | ✅ Supported via -ExpandProperty in Get-MgUser |
| Future-proof | ❌ Deprecated | ✅ Supported and actively developed |
Migrating from Get-AzureADDirectoryRoleMember to Get-MgDirectoryRoleMember is a straightforward but important step in adopting the Microsoft Graph PowerShell SDK. While the newer cmdlet offers a similar core function, it gives you more flexibility and deeper integration capabilities, especially when combined with Get-MgUser.
Use the examples above to confidently upgrade your scripts and future-proof your administrative automation.
Visit M365Corner.com for ready-to-use free Microsoft Graph PowerShell tools and step-by-step migration guides built for Microsoft 365 administrators.