Returns the collection of all role assignments explicitly assigned to a specified group—regardless of whether the role assignment is in a zone, computer-specific (computer override) zone, or computer role—within a specified domain.


IRoleAssignments GetRoleAssignmentsFromDomain(string domain)


Specify the following parameter when using this method:

Parameter Description


The domain to search for the group’s role assignments.

Return value

A collection of role assignment objects representing all of the role assignments explicitly assigned to this group in the specified domain or in the currently joined domain.


This method only returns role assignments explicitly assigned to the group. The method does not expand the group membership or return role assignments for groups nested under the specified group.

The method will look for stored credentials to access the specified domain. If there are no stored credentials, it uses the default credentials for the current user.

If you don’t specify a domain by passing an empty string ("") to the method, the method returns role assignments from the currently joined domain.


The following code sample illustrates using GetRoleAssignmentsFromDomain in a script:

# New Cims object
$cims = New-Object ("Centrify.DirectControl.API.Cims");
# Get IGroup object
$objGroupDn = "CN=group1,CN=Users,DC=domain,DC=com";
$objGroup = $cims.GetGroup($objGroupDn);
# Get role assignments from domain