web
You’re offline. This is a read only version of the page.
close
Skip to main content
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics AX (Archived) / PowerShell to extract ...
Microsoft Dynamics AX (Archived)

PowerShell to extract User, Roles, Duties and Privileges

(0) ShareShare
ReportReport
Posted on by Community Member

I came across a useful Windows PowerShell script to extract users and roles with the intention of generating a script to create those same users and roles (in another AX environment). I've used it just for management reporting but is it possible to also extract the duties and privileges?

Here is the script that I have so far:

# The below code segment has been extracted form the Management Shell to load AX modules
#----------------------------------------------------------------------------------------
function ImportAXModule($axModuleName, $disableNameChecking, $isFile)
{
try
{
$outputmessage = "Importing " + $axModuleName
Write-Output $outputmessage

if($isFile -eq $true)
{
$dynamicsSetupRegKey = Get-Item "HKLM:\SOFTWARE\Microsoft\Dynamics\6.0\Setup"
$sourceDir = $dynamicsSetupRegKey.GetValue("InstallDir")
$axModuleName = "ManagementUtilities\" + $axModuleName + ".dll"
$axModuleName = join-path $sourceDir $axModuleName
}
if($disableNameChecking -eq $true)
{
import-module $axModuleName -DisableNameChecking
}
else
{
import-module $axModuleName
}
}
catch
{
$outputmessage = "Could not load file " + $axModuleName
Write-Output $outputmessage
}
}

$dynamicsSetupRegKey = Get-Item "HKLM:\SOFTWARE\Microsoft\Dynamics\6.0\Setup"
$sourceDir = $dynamicsSetupRegKey.GetValue("InstallDir")
$dynamicsAXModulesPath = join-path $sourceDir "ManagementUtilities\Modules"

$env:PSModulePath = $env:PSModulePath + ";" + $dynamicsAXModulesPath

ImportAXModule "AxUtilLib" $false $true

#AxUtil uses "Optimize" verb.
#Therefore we use -DisableNameChecking to suppress warning about uncommon verb being used.
ImportAXModule "AxUtilLib.PowerShell" $true $false

ImportAXModule "Microsoft.Dynamics.Administration" $false $false
ImportAXModule "Microsoft.Dynamics.AX.Framework.Management" $false $false
#----------------------------------------------------------------------------------------

# Clear the screen so you can see what is happening much more easily
cls

# Change this file path to where you want to save the generated PowerShell script
$filePath = "C:\Temp\UserDetails.ps1"
$lineToWrite = " "

# Deletes the file to ensure we generate a clean file
New-Item $filePath -ItemType file -Force

# Retrieve the list of users
$userList = Get-AXUser

# Writes a heading line to the file
$lineToWrite = "UserID,Name,Company,Enabled,Role"
$lineToWrite | Out-File -FilePath $filePath -Append;

# Loop through the user list
foreach($user in $userList)
{
# Retrieve all the security roles the user is assigned to
$securityRoles = Get-AXSecurityRole -AxUserID $user.AXUserId

# Loop through the security roles so we can write PowerShell script to the file
foreach($securityRole in $securityRoles)
{
# Writes a line to the file (this line writes a PowerShell script to add the Role to the User)
$lineToWrite = $user.AxUserID + "," + $user.Name + "," + $user.Company + "," + $user.Enabled + "," + $securityRole.Name
$lineToWrite | Out-File -FilePath $filePath -Append;
}
}

*This post is locked for comments

I have the same question (0)
  • André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 299,071 Super User 2025 Season 2 on at
    RE: PowerShell to extract User, Roles, Duties and Privileges

    As far as I know this it is not possible with powershell to extract duties etc. The purpose of the current powershell commands are to set permissions to users or create users in AX.

  • Suggested answer
    Kevin Roos Profile Picture
    Kevin Roos 265 on at
    RE: PowerShell to extract User, Roles, Duties and Privileges

    You could write the logic to retrieve the duties etc within Ax and then extract the data over a business connector session with powershell like the following example.

    domhk.blogspot.be/.../use-powershell-and-business-connector.html

  • Martin Dráb Profile Picture
    Martin Dráb 236,289 Most Valuable Professional on at
    RE: PowerShell to extract User, Roles, Duties and Privileges

    You can also easily query SQL databases from Powershell.

  • Community Member Profile Picture
    Community Member on at
    RE: PowerShell to extract User, Roles, Duties and Privileges

    The auditors of a company I know use a script that extract users / roles / duties and privileges and then combine the results using acess to create a table of roles / users / duties / privileges. I've seen the result in excel which is really impressive. However I do not have the script.

  • Community Member Profile Picture
    Community Member on at
    RE: PowerShell to extract User, Roles, Duties and Privileges

    Thanks Andre, Kevin and Martin.

    Martin,

    Where can I find the table and field names for duties and privileges?

  • Community Member Profile Picture
    Community Member on at
    RE: PowerShell to extract User, Roles, Duties and Privileges

    Try this  job

    static void userSecurity()

       {

           SecurityTaskEntryPoint  taskEntryPoint;

           SecurityUserRole        userRole;

           SecurityRole            role;

           SecurityRoleTaskGrant   taskGrant;

           SecuritySubTask         subTask;

           SecurityTask            privilege;

           SecurableObject         securableObject;

           str privName;

           str dutyName;

           str entrName;

           str accessLevel;

           str menuItemName;

           ;

           while select taskEntryPoint

           join subTask

               where

                   subTask.SecuritySubTask == taskEntryPoint.SecurityTask

           join taskGrant

               where

                   taskGrant.SecurityTask  == subTask.SecurityTask

           join role

               where

                   role.RecId              == taskGrant.SecurityRole //&&

                   //role.AotName            like 'BudgetBudgetManager*'

           join userRole

               where

                   userRole.SecurityRole   == role.RecId &&

                   userRole.User           == 'ct7721' //example of user Alias

           {

               //get duty name

               select privilege

                   where

                       privilege.RecId == taskGrant.SecurityTask &&

                       SecurityTaskType::Duty == privilege.Type;

               dutyName = privilege.Name;

               //get previlege name

               select privilege

                   where

                       privilege.RecId == subTask.SecuritySubTask &&

                       SecurityTaskType::Privilege == privilege.Type;

               privName = privilege.Name;

               //get menu item name

               select securableObject

                   where

                       securableObject.RecId   == taskEntryPoint.EntryPoint;

    info(strFmt("User: %1 ===> Role: %4 ===> Duty: %3 ===> Previlege: '%2 ===> Menu Item ==> %6 ===> Access: %5", userRole.User, privName, dutyName, role.Name, taskEntryPoint.PermissionGroup, securableObject.Name));

           }

       }

  • Community Member Profile Picture
    Community Member on at
    RE: PowerShell to extract User, Roles, Duties and Privileges

    Thanks, I ran your code (without the condition userRole.User == 'ct7721') and it was still running after 4 hours with no output so I killed it.

  • Community Member Profile Picture
    Community Member on at
    RE: PowerShell to extract User, Roles, Duties and Privileges

    You need to put an user Alias, so it will limit the code for that specific user only.

  • Community Member Profile Picture
    Community Member on at
    RE: PowerShell to extract User, Roles, Duties and Privileges

    Ah but I really want to produce this report for all users (around 800) in the system.

  • Suggested answer
    Community Member Profile Picture
    Community Member on at
    RE: PowerShell to extract User, Roles, Duties and Privileges

    Like Martin said, you can use SQL.

    My job are generated to detailed information, in your case just use table "SecurityRole", "SecurityUserRole" and " SecurityTask".

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Join experts in person to explore low code and AI agents at the Power Platform Community Conference sponsored by Microsoft

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Abhilash Warrier – Community Spotlight

We are honored to recognize Abhilash Warrier as our Community Spotlight honoree for…

Congratulations to the September Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics AX (Archived)

#1
Community Member Profile Picture

Community Member 4

#2
Nayyar Siddiqi Profile Picture

Nayyar Siddiqi 2

#2
Guy Terry Profile Picture

Guy Terry 2 Moderator

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans