The script removes the user with the specified User Principal Name from the unmanaged accounts list. The script must be executed in a custom command. The User Principal Name of the account to remove from the list must be specified in a text parameter of the command.
In the script, the $parameterName variable specifies the name of the custom command parameter used to enter the User Principal Name of the user to remove from the unmanaged list. The parameter name must be specified with the param- prefix.
PowerShell
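# Removes the user whose User Principal Name is entered in a custom command
# parameter from the unmanaged accounts list.
# $Context is supplied by the host that runs the custom command; this script
# does not define it.

$parameterName = "param-userToRemove" # TODO: modify me

# Read the UPN first, so that an empty parameter stops the script before anything
# is read or written. Without this check an empty value could compare equal to
# accounts that have no userPrincipalName and remove them from the list.
$managedAccountUsername = $Context.GetParameterValue($parameterName)
if ([System.String]::IsNullOrWhiteSpace($managedAccountUsername))
{
    $Context.LogMessage("No User Principal Name was specified in parameter $parameterName. The unmanaged list was not changed.", "Warning")
    return
}

# Bind to the 'Configuration Set Settings' container
$configurationSetSettingsPath = $Context.GetWellKnownContainerPath("ConfigurationSetSettings")
$admConfigurationSetSettings = $Context.BindToObject($configurationSetSettingsPath)

# Get all unmanaged accounts, requesting the userPrincipalName of each one
$currentUnmanagedAccounts = $admConfigurationSetSettings.GetUnmanagedAccounts(@("userPrincipalName"))

# Keys of the entries that stay on the list (presumably SIDs, judging by the
# variable name - confirm against the product documentation).
$allUnmanagedSids = New-Object "System.Collections.Generic.HashSet[String]"

# Set explicitly so the final check does not depend on an undefined variable
# (an undefined variable is an error under Set-StrictMode).
$updateUnmanagedList = $False

foreach ($userInfo in $currentUnmanagedAccounts)
{
    $searchResult = $userInfo.Value
    if ($null -eq $searchResult)
    {
        # No directory data came back for this entry, so its UPN cannot be compared.
        # Keep the entry: dropping it here would remove an unrelated account from the
        # unmanaged list whenever the requested user is found and the list is rewritten.
        [void]$allUnmanagedSids.Add($userInfo.Key)
        continue
    }

    $username = $searchResult.Properties["userPrincipalName"].Value
    if ($username -eq $managedAccountUsername)
    {
        # -eq compares strings case-insensitively. The matching entry is left out
        # of the new list, which is what removes it.
        $updateUnmanagedList = $True
        continue
    }

    # HashSet.Add returns a Boolean; [void] keeps it out of the script output.
    [void]$allUnmanagedSids.Add($userInfo.Key)
}

# Update unmanaged accounts
if ($updateUnmanagedList)
{
    # The complete set of remaining entries is passed, so the call apparently replaces
    # the stored list rather than patching it - anything missing from the set is lost.
    $admConfigurationSetSettings.SetUnmanagedAccounts(@($allUnmanagedSids))
    $Context.LogMessage("User with identity $managedAccountUsername was removed from the unmanaged list.", "Information")
}
else
{
    $Context.LogMessage("User with identity $managedAccountUsername was not found in the unmanaged list.", "Warning")
}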