[This is preliminary documentation and is subject to change. Blank topics are included as placeholders.]

Returns the Role-Based Access Control (RBAC) roles assigned to a user.


Get-CsAdminRoleAssignment [-Identity] <String> [-LocalStore] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-WarningAction <ActionPreference>] [-ErrorVariable <String>] [-WarningVariable <String>] [-OutVariable <String>] [-OutBuffer <Int32>]


Parameter Required Type Description




SamAccountName of the user whose RBAC roles are to be returned, You can retrieve the SamAccountName for a user by using a command similar to this:

Get-CsUser "Ken Myer" | Select-Object SamAccountName

Note that you must use the SamAccountName when specifying the user Identity. Other common values used when specifying identities – such as Active Directory display name or SIP address – will not work with Get-CsAdminRoleAssignment.



Switch Parameter

This parameter is for testing purposes only.

Detailed Description

Role-Based Access control (RBAC) enables administrators to delegate control of specific management tasks for Microsoft Communications Server. For example, instead of granting help desk and support personnel full administrator privileges, you can give these employees very specific rights: the right to manage user accounts, and only user accounts; the right to manage Enterprise Voice components, and only Enterprise Voice components; the right to manage archiving and Archiving Server, and only archiving and Archiving Server. In addition, these rights can be limited in scope: someone can be given the right to manage Enterprise Voice, but only in the Redmond site; while someone else can be given the right to manage users, but only if those user accounts are in the Finance OU.

The Get-CsAdminRoleAssignment cmdlet provides a way for you to retrieve the RBAC roles that have been assigned to a user.

Return Types

Get-CsAdminRoleAssignment returns string values representing the RBAC roles held by the specified user.


-------------------------- Example 1 ------------------------

Copy Code
Get-CsAdminRoleAssignment -Identity "kenmyer"

The command shown in Example 1 returns all the RBAC roles assigned to the user kenmyer.

-------------------------- Example 2 ------------------------

Copy Code
Get-CsUser | ForEach-Object {$_.DisplayName; Get-CsAdminRoleAssignment -Identity $_.SamAccountName}

The preceding command returns the RBAC roles for all the users who have been enabled for Microsoft Communications Server. To do this, the command begins by calling Get-CsUser without any parameters; that returns a collection of all the Communications Server-enabled users in the organization. This data is then piped to the ForEach-Object cmdlet, which loops through each user account in the collection and, for each account: 1) echoes the user’s display name to the screen ($_.DisplayName); and, 2) uses Get-CsAdminRoleAssignment to return the user’s RBAC roles. The user account information must be piped to ForEach-Object because Get-CsAdminRoleAssignment does not directly accept pipelined data.