Microsoft Azure AD Custom action
07-20-2023 11:50 PM
Hi Team,
I'm now creating a custom action to add the Managed By attribute in AD. When I run the PowerShell script directly it runs fine and the Managed By name is added, but when I try to do it via the custom action it shows the following error.
Insufficient access rights to perform the operation
HRESULT: [8344]
Stack Trace:
at Microsoft.ActiveDirectory.Management.AdwsConnection.ThrowExceptionForExtendedError(String extendedErrorMessage, Exception innerException)
at Microsoft.ActiveDirectory.Management.AdwsConnection.ThrowExceptionForErrorCode(String message, String errorCode, String extendedErrorMessage, Exception innerException)
at Microsoft.ActiveDirectory.Management.AdwsConnection.ThrowExceptionForFaultDetail(FaultDetail faultDetail, FaultException faultException)
at Microsoft.ActiveDirectory.Management.AdwsConnection.ThrowException(AdwsFault adwsFault, FaultException faultException)
at Microsoft.ActiveDirectory.Management.AdwsConnection.Modify(ADModifyRequest request)
at Microsoft.ActiveDirectory.Management.ADWebServiceStoreAccess.Microsoft.ActiveDirectory.Management.IADSyncOperations.Modify(ADSessionHandle handle, ADModifyRequest request)
at Microsoft.ActiveDirectory.Management.ADActiveObject.Update()
at Microsoft.ActiveDirectory.Management.Commands.ADSetCmdletBase`3.SetFromIdentity(O identity)
at Microsoft.ActiveDirectory.Management.Commands.ADSetCmdletBase`3.ADSetCmdletBaseProcessCSRoutine()
at Microsoft.ActiveDirectory.Management.CmdletSubroutinePipeline.Invoke()
at Microsoft.ActiveDirectory.Management.Commands.ADCmdletBase`1.ProcessRecord()
Powershell Script:
# Import the Active Directory module
Import-Module "$executingScriptDirectory\ADSpoke\ActiveDirectoryMain"

# Inputs passed in by the custom action; restore URL-encoded apostrophes
$groupname = $env:SNC_groupname -replace "%27", "'"
$managedby = $env:SNC_managedby -replace "%27", "'"
#SNCLog-ParameterInfo @("Running AddManagedByToADGroup", $groupName, $managedby)

# Retrieve the group object
$group = Get-ADGroup -Filter {Name -eq $groupName}
if ($group) {
    # Retrieve the manager object
    $manager = Get-ADUser -Identity $managedby
    if ($manager) {
        # Add the ManagedBy attribute to the group
        Set-ADGroup -Identity $group.DistinguishedName -ManagedBy $manager.DistinguishedName
        Write-Output "The group '$groupName' is now managed by '$managedby'."
    } else {
        Write-Output "Manager '$managedby' not found."
    }
} else {
    Write-Output "Group '$groupName' not found."
}
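
HRESULT 8344 is the directory's insufficient-access-rights error, which the server raises for the account that performs the write. The following diagnostic is an added example, not part of the original post or of the ADSpoke code: run in the same context as the custom action, it reports which account the script executes as and whether that account may write managedBy on the group. The function name Test-ManagedByWriteAccess and the group name Example-Group are hypothetical, and it assumes the AD cmdlets bind as the process identity (no -Credential is passed).

```powershell
# Added diagnostic (not from the original post).
Import-Module ActiveDirectory

function Test-ManagedByWriteAccess {
    param(
        [Parameter(Mandatory)]
        [string]$GroupName   # hypothetical parameter: the group the action failed on
    )

    # Account the script is really running as. Under a custom action this is
    # usually a service account, not the admin who tested the script by hand.
    $runAs = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

    # allowedAttributesEffective is a constructed attribute: the domain controller
    # returns the attributes that the *calling* account is allowed to modify.
    $groups = @(Get-ADGroup -Filter { Name -eq $GroupName } `
                            -Properties allowedAttributesEffective)
    if ($groups.Count -eq 0) {
        throw "Group '$GroupName' not found (or not readable by $runAs)."
    }

    # Name is not unique across OUs, so report every match.
    foreach ($group in $groups) {
        $writable = @($group.allowedAttributesEffective)
        [pscustomobject]@{
            RunningAs          = $runAs
            Group              = $group.DistinguishedName
            CanWriteManagedBy  = $writable -contains 'managedBy'
            WritableAttributes = $writable.Count
        }
    }
}

# Constructed sample call; replace Example-Group with the real group name.
Test-ManagedByWriteAccess -GroupName 'Example-Group' | Format-List
```

If CanWriteManagedBy is False for the account shown in RunningAs, delegate write access to the managedBy attribute on that group (or its OU) to that account rather than adding it to a broad administrative group.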