0 votes

When using the remove all groups script from your repository. https://www.adaxes.com/script-repository/remove-all-group-memberships-for-a-user-account-s33.htm

I need to have adaxes log each group removal. I have tried $group.Remove($Context.TargetObject.AdsPath) $context.LogMessage("$group was removed from %username%", "Information") And $group.Remove($Context.TargetObject.AdsPath) $context.LogMessage($group+" was removed from %username%", "Information")
What I get in the log is: image.png What am I doing wrong?

by (730 points)

1 Answer

+1 vote
by (250k points)

Hello,

You can use the below updated script.

$groupNamesToSkip = @("MyGroup1", "MyGroup2", "Department*") # TODO: modify me

function SkipGroup($patterns, $name)
{
    foreach ($pattern in $patterns)
    {
        if ($name -like $pattern)
        {
            return $True
        }
    }

    return $False
}

# Get all groups user is a direct member of
$groupGuids = $Context.TargetObject.GetEx("adm-DirectMemberOfGuid")

# Get the Primary Group ID
$primaryGroupId = $NULL
if ($Context.TargetObject.DirectoryType -eq 1)
{
    $primaryGroupId = $Context.TargetObject.Get("primaryGroupID")
}

foreach ($groupGuidBytes in $groupGuids)
{
    # Bind to the group
    $groupGuid = New-Object "System.Guid" (,$groupGuidBytes)
    $groupGuid = $groupGuid.ToString("B")
    $groupPath = "Adaxes://<GUID=$groupGuid>"
    $group = $Context.BindToObject($groupPath)

    if ($group.DirectoryType -eq 1)
    {
        # Skip Primary Group
        if ($group.Get("primaryGroupToken") -eq $primaryGroupId)
        {
            continue
        }

        $groupName = $group.Get("sAMAccountName")
    }
    else
    {
        $groupName = $group.Get("name")
    }

    # Skip special groups
    if (($groupNamesToSkip -ne $NULL) -and 
        (SkipGroup $groupNamesToSkip $groupName))
    {
        continue
    }

    # Remove user from the group
    $group.Remove($Context.TargetObject.AdsPath)
    $Context.LogMessage("User %fullname% removed from group $groupName", "Information")
}
0

Thank you works perfectly.

Related questions

0 votes
1 answer

When running a PowerShell script as an action in a custom command, you can set the script to run as a different account and then use the RunAs property in the ... Is there another way to get the Adaxes service account's credentials from within the script?

asked Mar 31, 2022 by KelseaIT (320 points)
0 votes
1 answer

For instance to execute a powershell script that enable MFA for all member in that group?

asked Jan 27 by samuel.anim-addo (20 points)
0 votes
0 answers

By default, in hybrid environments, when an on-premises AD object is created in Adaxes within the scope of a Microsoft 365 tenant, Adaxes will create the corresponding ... the Display the temporary password in the Execution Log checkbox. Click OK twice.

asked Nov 16, 2022 by Adaxes (530 points)
0 votes
1 answer

Receive "Index operation failed; the array index evaluated to null. Stack trace: at &lt;ScriptBlock&gt;, &lt;No file&gt;: line 104&gt;" and "Index operation failed; the ... $GroupName, $GroupDN." } } #foreach write-output "" Write-Output "" Stop-Transcript

asked Apr 14, 2022 by jbahou (20 points)
0 votes
1 answer

I'm working on user deprovision and need to re-assign a user's home directory to the manager's home directory after disabling. I found a PowerShell script on this site to ... retrieve the same for the Manager? I'm a PowerShell novice, so excuse my ignorance.

asked Feb 26, 2021 by mkvidera (60 points)
3,064 questions
2,777 answers
7,134 comments
430,071 users