Hey
we have a multi-domain AD forest and I'm trying to use powershell to remove computers in the child domains from a universal group in the root domain.
I tried it with naming the group and computer like this:
Remove-AdmGroupMember -identity GROUPNAME -members COMPUTERNAME$ -adaxesservice ADAXESSERVERNAME -server ROOTDOMAINFQDN
And I tried with storing the group object and the computer object into variables $group and $computer, using Get-AdmGroup and Get-AdmComputer cmdlets, and then using the Remove-AdmGroupMember cmdlet on those, as I know this is required when working with EntraID objects (and works fine on those) like this:
Remove-AdmGroupMember -identity $group -members $computer -adaxesservice ADAXESSERVERNAME -server ROOTDOMAINFQDN
It takes a moment, like it is processing it, and comes back with no error message, as if it succeeded. If I mess something up like using the wrong computername or something like that, I do get error messages.
But the group remains unchanged and the Adaxes logs show no trace of this.
If I do the same thing with a computer in the root domain (same domain in which the group is located) it works fine.
We've only just upgraded to Adaxes 2025.1 in September and I'm not sure if it had been working since. But it defently was working with 2023.2.
We're on Adaxes 2025.1 Update 2. I didn't see any of this in the bug fixes list of Update 3, though.
It runs on Server 2022 and our domain controllers are Server 2019.
We have a multi-server setup with 3 Adaxes servers.
I get the same results whether I run this in Ps5.1 or Ps7, from my laptop or from the Adaxes server itself.