Returns the Role-Based Access Control (RBAC) roles assigned to a user.
Syntax
Get-CsAdminRoleAssignment [-Identity] <String> [-LocalStore] [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-WarningAction <ActionPreference>] [-ErrorVariable <String>] [-WarningVariable <String>] [-OutVariable <String>] [-OutBuffer <Int32>] |
Parameters
Parameter | Required | Type | Description |
---|---|---|---|
Identity |
Required |
String |
SamAccountName of the user whose RBAC roles are to be returned, You can retrieve the SamAccountName for a user by using a command similar to this: Get-CsUser "Ken Myer" | Select-Object SamAccountName Note that you must use the SamAccountName when specifying the user Identity. Other common values used when specifying identities – such as Active Directory display name or SIP address – will not work with Get-CsAdminRoleAssignment. |
LocalStore |
Optional |
Switch Parameter |
This parameter is for testing purposes only. |
Detailed Description
Role-Based Access control (RBAC) enables administrators to delegate control of specific management tasks for Microsoft Communications Server. For example, instead of granting help desk and support personnel full administrator privileges, you can give these employees very specific rights: the right to manage user accounts, and only user accounts; the right to manage Enterprise Voice components, and only Enterprise Voice components; the right to manage archiving and Archiving Server, and only archiving and Archiving Server. In addition, these rights can be limited in scope: someone can be given the right to manage Enterprise Voice, but only in the Redmond site; while someone else can be given the right to manage users, but only if those user accounts are in the Finance OU.
The Get-CsAdminRoleAssignment cmdlet provides a way for you to retrieve the RBAC roles that have been assigned to a user.
Return Types
Get-CsAdminRoleAssignment returns string values representing the RBAC roles held by the specified user.
Examples
-------------------------- Example 1 ------------------------
Copy Code | |
---|---|
Get-CsAdminRoleAssignment -Identity "kenmyer" |
The command shown in Example 1 returns all the RBAC roles assigned to the user kenmyer.
-------------------------- Example 2 ------------------------
Copy Code | |
---|---|
Get-CsUser | ForEach-Object {$_.DisplayName; Get-CsAdminRoleAssignment -Identity $_.SamAccountName} |
The preceding command returns the RBAC roles for all the users who have been enabled for Microsoft Communications Server. To do this, the command begins by calling Get-CsUser without any parameters; that returns a collection of all the Communications Server-enabled users in the organization. This data is then piped to the ForEach-Object cmdlet, which loops through each user account in the collection and, for each account: 1) echoes the user’s display name to the screen ($_.DisplayName); and, 2) uses Get-CsAdminRoleAssignment to return the user’s RBAC roles. The user account information must be piped to ForEach-Object because Get-CsAdminRoleAssignment does not directly accept pipelined data.