0 votes

When using the remove all groups script from your repository. https://www.adaxes.com/script-repository/remove-all-group-memberships-for-a-user-account-s33.htm

I need to have adaxes log each group removal. I have tried $group.Remove($Context.TargetObject.AdsPath) $context.LogMessage("$group was removed from %username%", "Information") And $group.Remove($Context.TargetObject.AdsPath) $context.LogMessage($group+" was removed from %username%", "Information")
What I get in the log is: image.png What am I doing wrong?

by (1.0k points)

1 Answer

+1 vote
by (279k points)

Hello,

You can use the below updated script.

$groupNamesToSkip = @("MyGroup1", "MyGroup2", "Department*") # TODO: modify me

function SkipGroup($patterns, $name)
{
    foreach ($pattern in $patterns)
    {
        if ($name -like $pattern)
        {
            return $True
        }
    }

    return $False
}

# Get all groups user is a direct member of
$groupGuids = $Context.TargetObject.GetEx("adm-DirectMemberOfGuid")

# Get the Primary Group ID
$primaryGroupId = $NULL
if ($Context.TargetObject.DirectoryType -eq 1)
{
    $primaryGroupId = $Context.TargetObject.Get("primaryGroupID")
}

foreach ($groupGuidBytes in $groupGuids)
{
    # Bind to the group
    $groupGuid = New-Object "System.Guid" (,$groupGuidBytes)
    $groupGuid = $groupGuid.ToString("B")
    $groupPath = "Adaxes://<GUID=$groupGuid>"
    $group = $Context.BindToObject($groupPath)

    if ($group.DirectoryType -eq 1)
    {
        # Skip Primary Group
        if ($group.Get("primaryGroupToken") -eq $primaryGroupId)
        {
            continue
        }

        $groupName = $group.Get("sAMAccountName")
    }
    else
    {
        $groupName = $group.Get("name")
    }

    # Skip special groups
    if (($groupNamesToSkip -ne $NULL) -and 
        (SkipGroup $groupNamesToSkip $groupName))
    {
        continue
    }

    # Remove user from the group
    $group.Remove($Context.TargetObject.AdsPath)
    $Context.LogMessage("User %fullname% removed from group $groupName", "Information")
}
0

Thank you works perfectly.

Related questions

0 votes
1 answer

I need to send an e-mail to the owner ("managed by") for each group. The e-mail should contain a list of group members. What is the best way to do that?

asked May 9 by akindy (20 points)
0 votes
1 answer

For instance to execute a powershell script that enable MFA for all member in that group?

asked Jan 27, 2023 by samuel.anim-addo (20 points)
0 votes
1 answer

When running a PowerShell script as an action in a custom command, you can set the script to run as a different account and then use the RunAs property in the ... Is there another way to get the Adaxes service account's credentials from within the script?

asked Mar 31, 2022 by KelseaIT (320 points)
0 votes
1 answer

I'd like to log specific details from my scripts but would like to integrate it with Adaxes if possible.

asked Jun 5 by ZoomGhost (240 points)
0 votes
1 answer

I'm trying to implement the script on https://www.adaxes.com/script-repository/changes-in-group-membership-including-changes-made-by-3rd-party-tools-s289.htm. I added my ... is set to run hourly on Domain Admins, and Exchange Admin "group" objects. Thanks

asked Feb 26 by stevehalvorson (110 points)
3,434 questions
3,130 answers
7,984 comments
546,352 users