Remove elevated access

Linda Renate Andersen 196 Reputation points
2020-10-29T12:34:17.953+00:00

Hi,

I am to delete/remove users from the "User Access Adminstrator" role, as they were assigned to this role directly at the beginning of the prosject. Problem is that I am not able to remove them all. I can remove my self and one other user (which is not eligible for Global Admin) with this script:

Remove-AzRoleAssignment -SignInName <username@ssss .com> `
-RoleDefinitionName "User Access Administrator" -Scope "/"

However, the 3 remaining (which is eligible for global admin), I receive the following error:

36111-image.png

I als o tried running the script with my Security admin role, which did not help. Scope for these user are "Root (Inherited).

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,434 questions
0 comments
Accepted answer
  1. Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,456 Reputation points
    2020-10-29T17:47:40.73+00:00

    Hello @Linda Renate Andersen . Try Elevating access for a Global Administrator, this will assign him the User Access Administrator role in Azure at root scope which should allow you to remove the other users assignments.

    Let us know if this answer was helpful to you. If so, please remember to mark it as the answer so that others in the community with similar questions can more easily find a solution.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.