Remove-RdsRoleAssignment

Removes a role assignment.

Syntax

Remove-RdsRoleAssignment
      [-TenantGroupName <String>]
      [-TenantName <String>]
      [-HostPoolName <String>]
      [-AppGroupName <String>]
      [<CommonParameters>]
Remove-RdsRoleAssignment
      [-RoleDefinitionName] <string>
      -SignInName <string>
      -TenantName <string>
      [-AADTenantId <string>]
      [-TenantGroupName <string>] 
      [<CommonParameters>]
Remove-RdsRoleAssignment
      [-RoleDefinitionName] <string>
      -SignInName <string>
      -TenantName <string>
      -HostPoolName <string>
      [-AADTenantId <string>]
      [-TenantGroupName <string>] 
      [<CommonParameters>]
Remove-RdsRoleAssignment
      [-RoleDefinitionName] <string>
      -SignInName <string>
      -TenantName <string>
      -HostPoolName <string>
      -AppGroupName <string>
      [-AADTenantId <string>]
      [-TenantGroupName <string>] 
      [<CommonParameters>]
Remove-RdsRoleAssignment
      [-RoleDefinitionName] <string>
      -ApplicationId <string>
      -Deployment 
      [<CommonParameters>]
Remove-RdsRoleAssignment
      [-RoleDefinitionName] <string>
      -ApplicationId <string>
      -TenantGroupName <string>
      [<CommonParameters>]
Remove-RdsRoleAssignment
      [-RoleDefinitionName] <string>
      -ApplicationId <string>
      -TenantName <string>
      [-TenantGroupName <string>] 
      [<CommonParameters>]
Remove-RdsRoleAssignment
      [-RoleDefinitionName] <string>
      -ApplicationId <string>
      -TenantName <string>
      -HostPoolName <string>
      [-TenantGroupName <string>] 
      [<CommonParameters>]
Remove-RdsRoleAssignment
      [-RoleDefinitionName] <String>
      -ApplicationId <String>
      [-TenantGroupName <String>]
      [-TenantName <String>]
      [-HostPoolName <String>]
      [-AppGroupName <String>]
      [<CommonParameters>]
Remove-RdsRoleAssignment
      [-RoleDefinitionName] <string>
      -ApplicationId <string>
      -TenantName <string>
      -HostPoolName <string>
      -AppGroupName <string>
      [-TenantGroupName <string>] 
      [<CommonParameters>]
Remove-RdsRoleAssignment
      -RoleDefinitionName <string>
      -GroupObjectId <string>
      -AADTenantId <string>
      -Deployment
      [<CommonParameters>]
Remove-RdsRoleAssignment
      -RoleDefinitionName <string>
      -GroupObjectId <string>
      -AADTenantId <string>
      -TenantGroupName <string> 
      [<CommonParameters>]
Remove-RdsRoleAssignment
      -RoleDefinitionName <string>
      -TenantName <string>
      [-GroupObjectId <string>]
      [-AADTenantId <string>]
      [-TenantGroupName <string>] 
      [<CommonParameters>]
Remove-RdsRoleAssignment
      -RoleDefinitionName <string>
      -TenantName <string>
      -HostPoolName <string>
      [-GroupObjectId <string>]
      [-AADTenantId <string>]
      [-TenantGroupName <string>] 
      [<CommonParameters>]
Remove-RdsRoleAssignment
      -RoleDefinitionName <string>
      -TenantName <string>
      -HostPoolName <string>
      -AppGroupName <string>
      [-GroupObjectId <string>]
      [-AADTenantId <string>]
      [-TenantGroupName <string>] 
      [<CommonParameters>]

Description

The Remove-RdsRoleAssignment cmdlet removes a role assignment by specifying the three properties of a role assignment: the role, the principal, and the scope.

To define the role, set the RoleDefinitionName parameter to one of the following values:

  • RDS Owner
  • RDS Contributor
  • RDS Reader
  • RDS Operator

To specify the principal, you can use one of the following parameters:

  • SignInName
  • ApplicationId
  • GroupObjectId

To define the scope, you can use a combination of the following parameters:

  • TenantGroupName
  • TenantName
  • HostPoolName
  • AppGroupName

Examples

Example 1: Remove a role assignment for a user

PS C:\> Remove-RdsRoleAssignment -RoleDefinitionName "RDS Owner" -SignInName "admin@contoso.com" -TenantGroupName "Default Tenant Group" -TenantName "contoso" -HostPoolName "contosoHostPool" -AppGroupName "Desktop Application Group"

This command removes the role assignment for admin@contoso.com, who is assigned to the RDS Owner role at the "Desktop Application Group" app group scope.

Example 2: Remove a role assignment for a service principal

PS C:\> Remove-RdsRoleAssignment -RoleDefinitionName "RDS Reader" -ApplicationId "yyyy-yyyy-yyyy-yyyy-yyyy" -TenantGroupName "contosoTenantGroup" -TenantName "contosoA" -HostPoolName "contosoAHostPool"

This command removes the role assignment for the specified service principal, which is assigned to the RDS Reader role at the "contosoAHostPool" host pool scope.

Example 3: Remove a role assignment for an Azure AD group

PS C:\> Remove-RdsRoleAssignment -RoleDefinitionName "RDS Operator" -GroupObjectId "aaaa-aaaa-aaaa-aaaa-aaaa" -TenantGroupName "contosoTenantGroup" -TenantName "contosoA"

This command removes the role assignment for the specified Azure AD group, which is assigned to the RDS Operator role at the "contosoA" tenant scope.
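
An added example, not part of the original reference: a hypothetical helper, Get-RdsRemovalSplat, checks the role, principal and scope described above before calling the cmdlet, so a malformed revocation entry fails loudly instead of silently leaving access in place. The helper name and the $revocations list are assumptions, and the sample data is constructed.

```powershell
# Added example. Get-RdsRemovalSplat and $revocations are hypothetical names.
function Get-RdsRemovalSplat {
    param(
        [Parameter(Mandatory)][string]$RoleDefinitionName,
        [string]$SignInName, [string]$ApplicationId, [string]$GroupObjectId,
        [string]$TenantGroupName, [string]$TenantName,
        [string]$HostPoolName, [string]$AppGroupName
    )
    # Role: one of the four role names listed in the Description.
    $roles = 'RDS Owner', 'RDS Contributor', 'RDS Reader', 'RDS Operator'
    if ($RoleDefinitionName -notin $roles) { throw "Unknown role '$RoleDefinitionName'" }

    # Principal: exactly one of the three principal parameters.
    $principal = @('SignInName', 'ApplicationId', 'GroupObjectId' |
        Where-Object { $PSBoundParameters[$_] })
    if ($principal.Count -ne 1) {
        throw 'Specify exactly one of SignInName, ApplicationId, GroupObjectId'
    }

    # Scope: an app group needs its host pool, and a host pool needs its tenant.
    if ($AppGroupName -and -not $HostPoolName) { throw 'AppGroupName requires HostPoolName' }
    if ($HostPoolName -and -not $TenantName)   { throw 'HostPoolName requires TenantName' }

    $splat = @{ RoleDefinitionName = $RoleDefinitionName }
    $splat[$principal[0]] = $PSBoundParameters[$principal[0]]
    foreach ($name in 'TenantGroupName', 'TenantName', 'HostPoolName', 'AppGroupName') {
        if ($PSBoundParameters[$name]) { $splat[$name] = $PSBoundParameters[$name] }
    }
    $splat
}

# Constructed revocation list for one departing administrator (sample data).
$revocations = @(
    @{ RoleDefinitionName = 'RDS Owner'; SignInName = 'admin@contoso.com'
       TenantGroupName = 'Default Tenant Group'; TenantName = 'contoso'
       HostPoolName = 'contosoHostPool'; AppGroupName = 'Desktop Application Group' }
    @{ RoleDefinitionName = 'RDS Reader'; SignInName = 'admin@contoso.com'
       TenantGroupName = 'Default Tenant Group'; TenantName = 'contoso' }
)

foreach ($r in $revocations) {
    $splat = Get-RdsRemovalSplat @r
    "Removing '{0}' for {1}" -f $splat.RoleDefinitionName, $splat.SignInName
    # Only call the cmdlet when the module is loaded; otherwise this is a validation pass.
    if (Get-Command Remove-RdsRoleAssignment -ErrorAction SilentlyContinue) {
        Remove-RdsRoleAssignment @splat
    }
}
```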

Parameters

-AADTenantId

The Azure Active Directory tenant ID of the user. This is required when assigning a user at the tenant group scope. This is also required when assigning a user at the tenant, host pool, or app group scope when they do not exist in the Azure AD tenant associated with the Windows Virtual Desktop tenant.

Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False

-AppGroupName

The name of the app group.

Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: True
Accept wildcard characters: False

-ApplicationId

The application ID of the service principal.

Type: String
Aliases: SPN, ServicePrincipalName
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False

-Deployment

A scope specific to Windows Virtual Desktop.

Type: Switch
Position: Named
Default value: None
Required: False
Accept pipeline input: True
Accept wildcard characters: False

-GroupObjectId

The object ID of the Azure AD group.

Type: String
Aliases: UserGroupObjectId
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False

-HostPoolName

The name of the host pool.

Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: True
Accept wildcard characters: False

-RoleDefinitionName

The name of the role.

Type: String
Position: 0
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False

-SignInName

The user principal name (UPN) of the user.

Type: String
Aliases: Email, UserPrincipalName
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False

-TenantGroupName

The name of the tenant group.

Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: True
Accept wildcard characters: False

-TenantName

The name of the tenant.

Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: True
Accept wildcard characters: False

Inputs

System.String

Outputs

System.Object