I'm trying to remove a synced on-prem security group from a custom role group in Purview, and I'm feeling stuck. When I run the command `get-rolegroup -Identity "HSBC E-discovery ManagerSMTPES1US7" | select-object Name, Members`, I see the members listed as `FFO.extest.microsoft.com/Microsoft Exchange HostedOrganizations/.onmicrosoft.com/`.
However, I keep getting errors when I attempt to remove the group. For example, I receive a message saying, "The operation couldn't be performed because object: '' matches multiple entries." When using `remove-RoleGroupMember -Identity "role group name" -Member "security group name"`, it sometimes works, but I often get an error stating that the " already exists....RoleGroupAlreadyExistsException."
I understand that the ffo reference is an ExchangeObject, but I'm looking to avoid connecting to ExchangeOnline since the admin running the script is a Compliance Admin and not an ExO admin. Any suggestions for this?
4 Answers
Actually, it seems that `get-rolegroup` might not provide the members directly. You might want to try using the command `get-rolegroupmember -identity ""`, which should give you the proper list of members.
Don't forget to check if there are any nested groups. Sometimes, the existence of nested groups can complicate removal, leading to those errors you mentioned.
You could try using only the GUID for both the identity and the member. GUIDs should always be unique, which might help avoid those conflicts.
I hadn’t considered the GUIDs for the role group before! I’ll give that a shot and see if it resolves the issues.
Just a heads up, I've found that using the right command is crucial. Switching to `get-rolegroupmember` made it easier for me to manage role group members without running into those annoying errors.
Just remember that while using GUIDs is good for uniqueness, I ran into similar issues even when using them. It doesn't always guarantee success.
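The suggestions in this thread (list members with `Get-RoleGroupMember`, then address both objects by GUID) can be combined in one script run over `Connect-IPPSSession` instead of Exchange Online. This is an added example, not code from any poster; the parameter names are placeholders, and it assumes the ExchangeOnlineManagement module is installed and that the returned objects expose a `Guid` property.

```powershell
# Added example, not from the thread. Run as a file: .\Remove-Member.ps1 -RoleGroupName ... -MemberName ... [-Apply]
param(
    [Parameter(Mandatory)] [string] $RoleGroupName,  # placeholder: name of the custom role group
    [Parameter(Mandatory)] [string] $MemberName,     # placeholder: name of the synced security group
    [switch] $Apply                                  # without -Apply the removal is only simulated
)

Import-Module ExchangeOnlineManagement
Connect-IPPSSession   # Security & Compliance PowerShell; no Connect-ExchangeOnline needed

try {
    # Resolve the role group once and insist on a single match.
    $roleGroup = @(Get-RoleGroup -Identity $RoleGroupName -ErrorAction Stop)
    if ($roleGroup.Count -ne 1) {
        throw "Expected 1 role group named '$RoleGroupName', found $($roleGroup.Count)."
    }
    $roleGroupId = $roleGroup[0].Guid.ToString()   # assumption: Guid property is present

    # List members with Get-RoleGroupMember rather than reading the Members property.
    $members = @(Get-RoleGroupMember -Identity $roleGroupId -ErrorAction Stop)
    $members | Format-Table Name, Guid

    # A name can match several objects (the "matches multiple entries" error),
    # so stop here instead of guessing which one to remove.
    $hits = @($members | Where-Object { $_.Name -eq $MemberName })
    if ($hits.Count -ne 1) {
        throw "Expected 1 member named '$MemberName', found $($hits.Count). Pick a GUID from the table above."
    }
    $memberId = $hits[0].Guid.ToString()

    # Address both objects by GUID; -WhatIf shows the change without making it.
    Remove-RoleGroupMember -Identity $roleGroupId -Member $memberId `
        -Confirm:$false -WhatIf:(-not $Apply) -ErrorAction Stop

    # Re-read the membership to confirm the result.
    Get-RoleGroupMember -Identity $roleGroupId | Format-Table Name, Guid
}
finally {
    # Ends the Security & Compliance session as well.
    Disconnect-ExchangeOnline -Confirm:$false
}
```

Run it once without `-Apply` to review the resolved GUIDs and the simulated removal, then again with `-Apply`.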