0 votes

My code works in the powershell ISE, but doesn't work in Adaxes admin console, and I have no idea why...

Here is my code:

Import-module Adaxes
$userDN = "%username%"

$Groups = Get-ADMPrincipalGroupMembership -Identity $UserDN -AdaxesService localhost     
$User = Get-AdmUser -Identity $UserDN -Properties info
Set-AdmUser -Identity $UserDN -Clear info
$notes = $User.info
Foreach ($dg in $Groups)
    {
    If ($dg.name -eq "Domain Users")
        {
        }
    Else
        {
            $SplitString = $dg.ToString()
            $holder = $SplitString -split ","
            $RemovedGroup += "`r`n"+$holder[0]
            Remove-AdmPrincipalGroupMembership -Identity $UserDN -MemberOf $dg
        }
    }
$notes = "$notes `r`n **The user has been removed from the following groups **`r`n$RemovedGroup`r`n ************* End of Group List"

Set-AdmUser -Identity $UserDN -Add @{info=$notes}

When I run the code via the ISE on the server, it works. however, when running this code via a Custom command I get the following error:

Cannot invoke this function because the current host does not implement it.

Any ideas? I know it's the Remove-AdmPrincipalGroupMembership -Identity $UserDN -MemberOf $dg line because if I comment that line out, the script works.

Thanks
Jon.

*edit*
I also tried to use

Remove-ADMGroupMember -Identity $dg.DistinguishedName -Members $userDN

and got the same error message.

by (50 points)
0

I'm guessing this got missed accidentally?

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

Sorry for a delayed reply. The thing is that removing a user from a group is a sensitive operation, and the Remove-AdmPrincipalGroupMembership cmdlet always prompts for confirmation of this operation. This works well when you call the cmdlet from the PowerShell Console or PowerShell ISE, however, currently, Adaxes does not support prompting for user input from PowerShell scripts run by Business Rules, Custom Commands and Scheduled Tasks. Thus, when the cmdlet attempts to show the confirmation prompt, you get the error message.

To workaround this, you need to disable the confirmation. For this purpose, when calling the cmdlet from your script, you need to set the -Confirm parameter of the cmdlet to false. For this purpose, find the following line in your script:

Remove-AdmPrincipalGroupMembership -Identity $UserDN -MemberOf $dg

and append -Confirm:$False:

Remove-AdmPrincipalGroupMembership -Identity $UserDN -MemberOf $dg -Confirm:$False

This should do the job.

0

yep, that was stupid of me.

Thanks, that did the trick.

0

Hello

Remove-AdmPrincipalGroupMembership -Identity $UserDN -MemberOf $dg -Confirm:$False

This also goes for Remove-AdmGroupMember.

This could be noticed on in the SDK at both cmdlets.

- Thanks

Related questions

0 votes
1 answer

Get-AdmPrincipalGroupMembership always throws an exception, even for users which absolutely exist (eg: piped ... :Commands:GetAdmPrincipalGroupMembershipCommand:ProcessRecord,Softerra.Adaxes.PowerShellModule.Commands.GetAdmPrincipalGroupMembershipCommand

asked May 4, 2023 by Viajaz (210 points)
0 votes
1 answer

Hi I'm trying to set up a process where when a user (on prem) is added to an Azure group, they are removed from some conflicting groups automatically. When ... $group -Members $user -Server "domain.onmicrosoft.com" -AdaxesService localhost } } Thanks Matt

asked Mar 2, 2023 by chappers77 (2.0k points)
0 votes
1 answer

Hello, I'm trying to write a simple powershell script to check if a user is a member of one of two groups and output a true value if the user is a member of ... intended to be run as Adaxes scheduled tasks or can I use the default Powershell cmdlets instead?

asked Nov 4, 2015 by drew.tittle (810 points)
0 votes
1 answer

I'd like some help with a script to revoke a users rights to a shared mailbox upon being removed from a security group. I already have the reverse, a script that adds users to a shared mailbox, if they are a member of a group, now I just need the reverse.

asked Mar 20 by dominik.stawny (160 points)
0 votes
1 answer

I would like to have a script that removes the offboarded users from all teams groups

asked Jan 3 by bodson (20 points)
3,326 questions
3,026 answers
7,727 comments
544,678 users