I am using this script to remove all users from groups when they are terminated. This script doesn't remove users from Azure-only groups, just on-prem. How would I change this script to remove the Azure groups that we don't synchronize to on-prem?

$U = "%username%"

$Groups = Get-AdmPrincipalGroupMembership -Identity $U -AdaxesService localhost
foreach($Group in $Groups){
    $GN = $Group.samAccountName
    Try{
        # Skip the groups the user must remain a member of
        If($GN -ne 'NoAllExchange' -and $GN -ne 'Domain Users'){
            Remove-AdmGroupMember -Identity $GN -Members $U -Confirm:$False -AdaxesService localhost
        }
    }
    Catch{
        $Context.LogMessage("Can not remove $U from $GN"+$_.Exception.Message, "Information")
    }
}


You can use one of the scripts from the following article in our repository: https://www.adaxes.com/script-repository/remove-all-group-memberships-for-a-user-account-s33.htm.


Hello, the script in the repository doesn't log the group removals in the Adaxes logs. I need that for audit purposes.



For each removal from group to be logged in Adaxes, replace this line in either of the scripts

$group = $Context.BindToObject($groupPath)

with the below one

$group = $Context.BindToObjectEx($groupPath, $True)

Thanks, this works perfectly.

