How do I remove a group from a Purview rolegroup?

Asked By CuriousCoder27 On

I'm trying to remove a synced on-prem security group from a custom role group in Purview, and I'm feeling stuck. When I run the command `get-rolegroup -Identity "HSBC E-discovery ManagerSMTPES1US7" | select-object Name, Members`, I see the members listed as `FFO.extest.microsoft.com/Microsoft Exchange HostedOrganizations/.onmicrosoft.com/`.

However, I keep getting errors when I attempt to remove the group. For example, I receive a message saying, "The operation couldn't be performed because object: '' matches multiple entries." When using `remove-RoleGroupMember -Identity "role group name" -Member "security group name"`, it sometimes works, but I often get an error stating that the " already exists....RoleGroupAlreadyExistsException."

I understand that the ffo reference is an ExchangeObject, but I'm looking to avoid connecting to ExchangeOnline since the admin running the script is a Compliance Admin and not an ExO admin. Any suggestions for this?

4 Answers

Answered By ScriptSavant41 On

Actually, it seems that `get-rolegroup` might not provide the members directly. You might want to try using the command `get-rolegroupmember -identity ""`, which should give you the proper list of members.

Answered By PowerShellNinja65 On

Don't forget to check if there are any nested groups. Sometimes, the existence of nested groups can complicate removal, leading to those errors you mentioned.

Answered By TechGuru99 On

You could try using only the GUID for both the identity and the member. GUIDs should always be unique, which might help avoid those conflicts.

TechieRick22 -

Just remember that while using GUIDs is good for uniqueness, I ran into similar issues even when using them. It doesn't always guarantee success.

CuriousCoder27 -

I hadn’t considered the GUIDs for the role group before! I’ll give that a shot and see if it resolves the issues.

Answered By CodeCrafter88 On

Just a heads up, I've found that using the right command is crucial. Switching to `get-rolegroupmember` made it easier for me to manage role group members without running into those annoying errors.
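The suggestions in the answers above (list members with `Get-RoleGroupMember`, then pass GUIDs for both the role group and the member) combined into one function, as an added example that is not code from any poster in this thread. It assumes an already connected Security & Compliance PowerShell session (`Connect-IPPSSession`) and that the returned member objects expose `Name`, `DisplayName` and `Guid`; the function name and parameter names are hypothetical.

```powershell
# Added example. Assumes a Security & Compliance PowerShell session is already
# open (Connect-IPPSSession) under the Compliance Admin account.
function Remove-PurviewRoleGroupMemberByGuid {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$RoleGroupName,  # name of the custom role group
        [Parameter(Mandatory)][string]$MemberName      # name of the synced security group
    )

    # Resolve the role group to exactly one object so -Identity is unambiguous.
    $roleGroup = @(Get-RoleGroup -Identity $RoleGroupName -ErrorAction Stop)
    if ($roleGroup.Count -ne 1) {
        throw "Expected 1 role group for '$RoleGroupName', found $($roleGroup.Count)."
    }
    $roleGroupId = $roleGroup[0].Guid.ToString()

    # Enumerate members with Get-RoleGroupMember instead of reading the Members
    # property, which only shows canonical-name strings.
    $members = @(Get-RoleGroupMember -Identity $roleGroupId -ErrorAction Stop)
    $hits = @($members | Where-Object {
        $_.Name -eq $MemberName -or $_.DisplayName -eq $MemberName
    })

    if ($hits.Count -eq 0) {
        Write-Warning "'$MemberName' is not a direct member of '$RoleGroupName'."
        return $false
    }
    if ($hits.Count -gt 1) {
        # Same name on several objects: show them and stop rather than guess.
        $hits | Select-Object Name, Guid | Format-Table -AutoSize | Out-String | Write-Warning
        throw "'$MemberName' matches $($hits.Count) members; choose one GUID and remove it explicitly."
    }

    $memberGuid = $hits[0].Guid
    if ($PSCmdlet.ShouldProcess($RoleGroupName, "Remove member $MemberName ($memberGuid)")) {
        Remove-RoleGroupMember -Identity $roleGroupId -Member $memberGuid.ToString() `
            -Confirm:$false -ErrorAction Stop

        # Re-read membership to confirm the access is actually gone.
        $left = @(Get-RoleGroupMember -Identity $roleGroupId |
            Where-Object { $_.Guid -eq $memberGuid })
        return ($left.Count -eq 0)
    }
    return $false
}
```

Run it with `-WhatIf` first to see which GUIDs would be used without changing the role group.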
