The script removes the user with the specified userPrincipalName from the unmanaged accounts list. The script must be executed in a custom command. The userPrincipalName of the account to remove from the list is specified in a text parameter of the command.
In the script, the $parameterName variable specifies the name of the custom command parameter used to enter the userPrincipalName of the account to remove from the unmanaged list. The parameter name must be specified with the param- prefix.
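# Name of the custom command parameter that carries the userPrincipalName of the
# account to remove from the unmanaged list. Must include the 'param-' prefix.
$parameterName = "param-userToRemove" # TODO: modify me

# Read and validate the target before touching the list. An empty value could
# compare equal to an unmanaged account whose userPrincipalName is missing, which
# would remove an account nobody named, so stop here instead.
$managedAccountUsername = $Context.GetParameterValue($parameterName)
if ([System.String]::IsNullOrEmpty($managedAccountUsername))
{
    $Context.LogMessage("Parameter $parameterName is empty. The unmanaged list was not changed.", "Warning")
    return
}

# Bind to the 'Configuration Set Settings' container.
$configurationSetSettingsPath = $Context.GetWellKnownContainerPath("ConfigurationSetSettings")
$admConfigurationSetSettings = $Context.BindToObject($configurationSetSettingsPath)

# Get all unmanaged accounts, requesting the userPrincipalName of each one.
$currentUnmanagedAccounts = $admConfigurationSetSettings.GetUnmanagedAccounts(@("userPrincipalName"))

# Identifiers (the entry keys) of the accounts that stay on the unmanaged list.
$allUnmanagedSids = New-Object "System.Collections.Generic.HashSet[String]"

# Set explicitly so the final check does not rely on an unassigned variable.
$updateUnmanagedList = $False

foreach ($userInfo in $currentUnmanagedAccounts)
{
    $searchResult = $userInfo.Value
    if ($searchResult -eq $NULL)
    {
        # NOTE(review): entries without a search result are not carried over, so
        # when the list is rewritten below they are no longer passed to
        # SetUnmanagedAccounts. Confirm that dropping them is intended.
        continue
    }

    $username = $searchResult.Properties["userPrincipalName"].Value
    if ($username -eq $managedAccountUsername)
    {
        # Match: leave this account out of the new list. -eq on strings is
        # case-insensitive in PowerShell.
        $updateUnmanagedList = $True
        continue
    }

    # HashSet.Add returns a Boolean; discard it so it is not emitted as script output.
    [void]$allUnmanagedSids.Add($userInfo.Key)
}

# Update unmanaged accounts only when the requested account was actually found.
if ($updateUnmanagedList)
{
    $admConfigurationSetSettings.SetUnmanagedAccounts(@($allUnmanagedSids))
    $Context.LogMessage("User with identity $managedAccountUsername was removed from the unmanaged list.", "Information")
}
else
{
    $Context.LogMessage("User with identity $managedAccountUsername was not found in the unmanaged list.", "Warning")
}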