Help with powershell script

Question

Hi, we just recently installed Adaxes and would like to implement a PowerShell script that I have previously written which cleans up user objects if they have been manually moved to a specific OU (uses the Get-ADUser and Set-ADUser commands). The script itself has the OU defined and works on its own (when I run it under my domain admin credentials). However, we're running into issues getting the script to execute as the Adaxes service account.

Unfortunately, the only way we can get the script to work is with Domain Admin rights. However, we would like to eventually get away from that and just delegate the minimium required rights to this service account. I just cannot determine what rights are required to run those commands.

We're basically seeing this as the error message: " Insufficient access rights to perform the operation Stack trace: at <ScriptBlock>, <No file>".

Answer 1

Hello Mark,

First of all, we recommend you to check our tutorials. Most probably, whatever you are trying to achieve can be done using built-in functionality without involving any scripts.

As for the permissions, have a look at the following article: https://www.adaxes.com/help/PermissionsOfDomainServiceAccount.

If you still face issues configuring the corresponding workflow, please, provide us with the script you are using in TXT format. You can post the script here or send to us at support@adaxes.com.

Comments

Thank you. We are using the built-in functionality for now and any scripts that have been provided on the Adaxes website. We will revisit the permissions again later on in our deployment, but for now, will keep the service account as a domain admin.

On an unrelated note, I did have to send an email out to the support team for some other issues we were experiencing with the Help Desk portal page and some operations that were not working correctly (when it involved browsing our on-prem directory).