0 votes

Hi there,

I would like to allow for my support team to disenroll some user from SelfService Password Policy.

Is it possible to allow via web interface?

Thanks!

Lopes

by (100 points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello Lopes,

Yes, sure. For this purpose you can create a Custom Command that disenrolls a user. To create it:

  1. Create a new Custom Command.

  2. On step 2 step of the Create Custom Command wizard, select the User object type.

  3. On step 3, add the Run a program or PowerShell script action and paste the following script in the Script field:

     if ($Context.TargetObject.IsEnrolled)
     {
         $Context.TargetObject.DisenrollUser()
     }
  4. Enter a short description for the script and click OK.

  5. Finish creation of the Custom Command.

0

Hi Support,

It's working. Thanks!

Lopes

Related questions

0 votes
0 answers

I'd like to implement an architecture whereby all Domain Users can request membership in any domain security group. I'd also like to allow the OU Owners to have ... from their groups without granting them the ability to remove users from all security groups?

asked Mar 25, 2020 by sirslimjim (480 points)
0 votes
1 answer

I would like to change department without a script just yet if possible on multiple accounts. If I cant do this then I will entertain custom script Thanks :)

asked Nov 23, 2021 by will17 (350 points)
0 votes
1 answer

Hi we have bunch of custom commands that HR uses, to create new user employee or offboard someone. They can see the execution log on the web interface, but we would like to recive a copy of the log in an email to IT to make sure there arent errors etc.

asked Jun 30, 2021 by TJ_Umredkar (140 points)
0 votes
1 answer

Hi all, How can I add a user directly to an Entra ID group? I understand it might be possible via CLI e.g. Add-AzureADGroupMember - But is there a built-in GUI method via Business Rules? Thanks, David

asked Oct 2 by dshortall (80 points)
0 votes
1 answer

If we want to obtain the Object ID for the corresponding 365 object of a user, we would use the logic: [Guid]$Context.TargetObject.Get("adm-O365ObjectId") -if ... definitively belongs to an on-premises Active Directory domain or a cloud Azure AD domain?

asked Dec 12, 2022 by Viajaz (210 points)
3,589 questions
3,278 answers
8,303 comments
548,122 users