Returns the collection of all role assignments explicitly assigned to a specified group—regardless of whether the role assignment is in a zone, computer-specific (computer override) zone, or computer role—within a specified forest.


IRoleAssignments GetRoleAssignmentsFromForest(string forest)


Specify the following parameter when using this method:

Parameter    Description

forest       The forest to search for the group’s role assignments.

Return value

A collection of role assignment objects representing all of the role assignments explicitly assigned to this group in the specified forest or in the currently joined forest.


This method only returns role assignments explicitly assigned to the group. The method does not expand the group membership or return role assignments for groups nested under the specified group.

The method will look for stored credentials to access the specified forest. If there are no stored credentials, it uses the default credentials for the current user.

If you pass an empty string ("") instead of a forest name, the method returns role assignments from the currently joined forest.


The following code sample illustrates using GetRoleAssignmentsFromForest in a script:

# New Cims object
$cims = New-Object ("Centrify.DirectControl.API.Cims");
# Get IGroup object
$objGroupDn = "CN=group1,CN=Users,DC=domain,DC=com";
$objGroup = $cims.GetGroup($objGroupDn);
# Get role assignments from forest
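
Because the method does not expand group membership, an audit of role assignments has to call it once for every group of interest. The following is an added example, not part of the original sample or of the vendor's code: the group DNs are constructed placeholders, and it assumes the returned collection can be enumerated with foreach.

```powershell
# Added example: the group DNs below are constructed placeholders.
$forest   = ""   # empty string = currently joined forest, as described above
$groupDns = @(
    "CN=group1,CN=Users,DC=domain,DC=com",
    "CN=group2,CN=Users,DC=domain,DC=com"   # e.g. a group nested under group1, listed explicitly
)

# New Cims object
$cims = New-Object ("Centrify.DirectControl.API.Cims")

$report = foreach ($dn in $groupDns) {
    try {
        # Get IGroup object
        $group = $cims.GetGroup($dn)
        if ($null -eq $group) { throw "group not found" }

        # Only assignments made explicitly to this group are returned;
        # nested groups are not expanded, hence one call per group.
        $assignments = $group.GetRoleAssignmentsFromForest($forest)

        # Assumption: the returned collection supports foreach enumeration.
        foreach ($ra in $assignments) {
            [pscustomobject]@{
                GroupDn        = $dn
                RoleAssignment = $ra
            }
        }
    }
    catch {
        # A lookup or credential failure for one group should not hide the others.
        Write-Warning "Could not read role assignments for ${dn}: $_"
    }
}

# Number of explicit role assignments found per group
$report | Group-Object GroupDn | Select-Object Name, Count
```

Groups that return no rows here may still carry effective rights through other groups, so the list of DNs should include every group whose explicit assignments matter to the review.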