Returns the collection of all role assignments associated with a user in a specified Active Directory forest.


IRoleAssignments GetRoleAssignmentsFromForest(string forest)


Specify the following parameter when using this method:

Parameter Description


The forest to search for the user’s role assignments.

Return value

A collection of role assignment objects representing all of the role assignments explicitly assigned to this user in the specified forest or in the currently joined forest.


This method only returns the role assignments that have been explicitly assigned to the user. The method will look for stored credentials to access the specified forest. If there are no stored credentials, the method uses the default credentials for the current user.

If you don’t specify a forest by passing an empty string ("") to the method, the method returns role assignments from the currently joined forest.


The following code sample illustrates using GetRoleAssignmentsFromForest in a script:

# New Cims object
$cims = New-Object ("Centrify.DirectControl.API.Cims");
# Get IUser object
$objUserDn = "CN=user1,CN=Users,DC=domain,DC=com";
$objUser = $cims.GetUser($objUserDn);
# Get role assignments from forest