0 votes

Hi, we've been using this script for some time but after the upgrade to 2023 it's now erroring out as below:

image.png As you can see I've done some logging out of variables, and the issue looks to be that the lineĀ $group = $Context.BindToObject($groupPath) is not returning an object. Any suggestions of how to fix?

Thanks,

Allister

by (20 points)

1 Answer

0 votes
by (287k points)

Hello Allister,

The issue occurs because you are using Adaxes 2023. The old version of the scripts were not adapted for it. We updated all the three scripts accordingly. Please, clear browser cache, refresh the page and copy the script you need from the article.

0

Thanks, I've updated the script and now I'm getting this error: image.png Line 59 is this: $group.Remove($Context.TargetObject.AdsPath)

Cheers, Allister

0

Hello Allister,

For troubleshooting purposes, please, connect to Adaxes service with the credentials of the Adaxes service account and try removing members from the very same groups. Should you face any errors/warnings, please, provide us with screenshots. You can post them here or send to us at support@adaxes.com.

0

Hi, on further investigation I've discovered that the script is in fact removing the AD groups correctly, however it looks like the script is also enumerating the groups from AAD (I've connected it as a managed domain) and trying to remove the user from 'All Users'. I get the same error when trying to manually remove the user from this group: image.png Is there a way to skip the AAD groups? Cheers, Allister

0

Hello Allister,

Yes, it is possible. Use the below script.

$groupNamesToSkip = @("MyGroup1", "MyGroup2", "Department*") # TODO: modify me

function SkipGroup($patterns, $name)
{
    foreach ($pattern in $patterns)
    {
        if ($name -like $pattern)
        {
            return $True
        }
    }

    return $False
}

# Get all groups user is a direct member of
$groupGuids = $Context.TargetObject.GetEx("adm-DirectMemberOfGuid")

# Get the Primary Group ID
$primaryGroupId = $NULL
if ($Context.TargetObject.DirectoryType -eq 1)
{
    $primaryGroupId = $Context.TargetObject.Get("primaryGroupID")
}

foreach ($groupGuidBytes in $groupGuids)
{
    # Bind to the group
    $groupGuid = New-Object "System.Guid" (,$groupGuidBytes)
    $groupGuid = $groupGuid.ToString("B")
    $groupPath = "Adaxes://<GUID=$groupGuid>"
    $group = $Context.BindToObject($groupPath)

    if ($group.DirectoryType -eq 1)
    {
        # Skip Primary Group
        if ($group.Get("primaryGroupToken") -eq $primaryGroupId)
        {
            continue
        }

        $groupName = $group.Get("sAMAccountName")
    }
    else
    {
       continue
    }

    # Skip special groups
    if (($groupNamesToSkip -ne $NULL) -and 
        (SkipGroup $groupNamesToSkip $groupName))
    {
        continue
    }

    # Remove user from the group
    $group.Remove($Context.TargetObject.AdsPath)
}
0

Thanks, that's worked

Related questions

0 votes
1 answer

Currently, when I disable a user account in Adaxes, the group memberships of the user remain intact. I'd like to automate the removal of group memberships such as distribution ... a list of groups/DL that the user was previously in and removed from. Thanks!

asked Nov 3, 2021 by jayden.ang (20 points)
0 votes
1 answer

For instance to execute a powershell script that enable MFA for all member in that group?

asked Jan 27, 2023 by samuel.anim-addo (20 points)
0 votes
0 answers

We have users with group memberships in multiple domain. All groups are type Universal. For example we have DOMAIN A and child domains for each dept, such as ... group memberships during user account copy, including memberships from other domains? Thank you,

asked Sep 10, 2020 by maliguinem (20 points)
0 votes
1 answer

I am using this script to remove all users from groups when they are terminated. This script doesn't remove users from Azure only groups just on prem. How would I change ... .LogMessage("Can not remove $U from $GN"+$_.Exception.Message, "Information") } }

asked Jun 18 by mightycabal (1.0k points)
0 votes
1 answer

Hello Adaxes Team! Is there a way to copy the users in one group to another group in the same domain without script? If not, is there already a solution with a ... : Both groups already exist and should be selected in the copy mask. Much appreciated, Marco

asked Apr 14, 2022 by marco_jandl (60 points)
3,526 questions
3,217 answers
8,197 comments
547,625 users