chrburmeister/Get-AzureAdRoleAssignments.ps1

## Get-AzureAdRoleAssignments.ps1
#Requires -Version 5.1
#Requires -Modules Microsoft.Graph
#Requires -PSEdition Desktop

Connect-MgGraph -Scopes RoleEligibilitySchedule.Read.Directory, RoleAssignmentSchedule.Read.Directory, CrossTenantInformation.ReadBasic.All, AuditLog.Read.All, User.Read.All
Select-MgProfile -Name Beta

# get all user to resolve IDs
$users = Get-MgUser -All
# get all groups to resolve IDs
$groups = Get-MgGroup -All

# get all Azure AD role definitions to resolve IDs
$roles = Get-MgRoleManagementDirectoryRoleDefinition

# get all role assignments
$eligible_role_assignments = Get-MgRoleManagementDirectoryRoleEligibilitySchedule -ExpandProperty "*" -All:$true
$assigned_role_assignments = Get-MgRoleManagementDirectoryRoleAssignmentScheduleInstance -ExpandProperty "*" -All:$true

[System.Collections.ArrayList]$resolved_assignments = @()

foreach ($assignment in $eligible_role_assignments) {
    $user = $users | Where-Object { $_.id -eq $assignment.PrincipalId }
    $group = $groups | Where-Object { $_.id -eq $assignment.PrincipalId }

    $obj = [pscustomobject]@{
        'role'         = $roles | Where-Object { $_.id -eq $assignment.RoleDefinitionId } | Select-Object -ExpandProperty DisplayName
        'user'         = $user  | Select-Object -ExpandProperty UserPrincipalName
        'group'        = $group | Select-Object -ExpandProperty DisplayName
        'user_enabled' = $user  | Select-Object -ExpandProperty AccountEnabled
    }

    $resolved_assignments.Add($obj) | Out-Null
}

foreach ($assignment in $assigned_role_assignments) {
    $user = $users | Where-Object { $_.id -eq $assignment.PrincipalId }
    $group = $groups | Where-Object { $_.id -eq $assignment.PrincipalId }

    $obj = [pscustomobject]@{
        'role'         = $roles | Where-Object { $_.id -eq $assignment.RoleDefinitionId } | Select-Object -ExpandProperty DisplayName
        'user'         = $user  | Select-Object -ExpandProperty UserPrincipalName
        'group'        = $group | Select-Object -ExpandProperty DisplayName
        'user_enabled' = $user  | Select-Object -ExpandProperty AccountEnabled
    }

    $resolved_assignments.Add($obj) | Out-Null
}

Write-Output $resolved_assignments
	#Requires -Version 5.1
	#Requires -Modules Microsoft.Graph
	#Requires -PSEdition Desktop

	Connect-MgGraph -Scopes RoleEligibilitySchedule.Read.Directory, RoleAssignmentSchedule.Read.Directory, CrossTenantInformation.ReadBasic.All, AuditLog.Read.All, User.Read.All
	Select-MgProfile -Name Beta

	# get all user to resolve IDs
	$users = Get-MgUser -All
	# get all groups to resolve IDs
	$groups = Get-MgGroup -All

	# get all Azure AD role definitions to resolve IDs
	$roles = Get-MgRoleManagementDirectoryRoleDefinition

	# get all role assignments
	$eligible_role_assignments = Get-MgRoleManagementDirectoryRoleEligibilitySchedule -ExpandProperty "*" -All:$true
	$assigned_role_assignments = Get-MgRoleManagementDirectoryRoleAssignmentScheduleInstance -ExpandProperty "*" -All:$true

	[System.Collections.ArrayList]$resolved_assignments = @()

	foreach ($assignment in $eligible_role_assignments) {
	$user = $users \| Where-Object { $_.id -eq $assignment.PrincipalId }
	$group = $groups \| Where-Object { $_.id -eq $assignment.PrincipalId }

	$obj = [pscustomobject]@{
	'role' = $roles \| Where-Object { $_.id -eq $assignment.RoleDefinitionId } \| Select-Object -ExpandProperty DisplayName
	'user' = $user \| Select-Object -ExpandProperty UserPrincipalName
	'group' = $group \| Select-Object -ExpandProperty DisplayName
	'user_enabled' = $user \| Select-Object -ExpandProperty AccountEnabled
	}

	$resolved_assignments.Add($obj) \| Out-Null
	}

	foreach ($assignment in $assigned_role_assignments) {
	$user = $users \| Where-Object { $_.id -eq $assignment.PrincipalId }
	$group = $groups \| Where-Object { $_.id -eq $assignment.PrincipalId }

	$obj = [pscustomobject]@{
	'role' = $roles \| Where-Object { $_.id -eq $assignment.RoleDefinitionId } \| Select-Object -ExpandProperty DisplayName
	'user' = $user \| Select-Object -ExpandProperty UserPrincipalName
	'group' = $group \| Select-Object -ExpandProperty DisplayName
	'user_enabled' = $user \| Select-Object -ExpandProperty AccountEnabled
	}

	$resolved_assignments.Add($obj) \| Out-Null
	}

	Write-Output $resolved_assignments