I would like to allow for my support team to disenroll some user from SelfService Password Policy.
Is it possible to allow via web interface?
Yes, sure. For this purpose you can create a Custom Command that disenrolls a user. To create it:
Create a new Custom Command.
On step 2 step of the Create Custom Command wizard, select the User object type.
On step 3, add the Run a program or PowerShell script action and paste the following script in the Script field:
Enter a short description for the script and click OK.
Finish creation of the Custom Command.
It's working. Thanks!
I'd like to implement an architecture whereby all Domain Users can request membership in any domain security group. I'd also like to allow the OU Owners to have ... from their groups without granting them the ability to remove users from all security groups?
I would like to change department without a script just yet if possible on multiple accounts. If I cant do this then I will entertain custom script Thanks :)
Hi we have bunch of custom commands that HR uses, to create new user employee or offboard someone. They can see the execution log on the web interface, but we would like to recive a copy of the log in an email to IT to make sure there arent errors etc.
If we want to obtain the Object ID for the corresponding 365 object of a user, we would use the logic: [Guid]$Context.TargetObject.Get("adm-O365ObjectId") -if ... definitively belongs to an on-premises Active Directory domain or a cloud Azure AD domain?
We have a multiforest set up. One of the domains is a non hybrid. Whenever a user is created in that domain it gives an error saying- 'Property 'ms-exch-target- ... active Directory schema'. How can we write an exception while adding to that non-hybrid domain?