remove computer from group in flow designer

Cherly
Tera Contributor

I need to remove a computer from AD via Flow Designer. I need help creating an action. I tried creating an action similar to the remove user one but got a PowerShell error.

The action created was:

import-module "$executingScriptDirectory\ADSpoke\ActiveDirectoryMain"

if (test-path env:\SNC_groupname) {
    $groupname = $env:SNC_groupname;
    $username = $env:SNC_username;
};
$groupname = $groupname -replace "%27","'";
$username = $username -replace "%27","'";
removeADComputerFromGroup -domainController $computer -username $username -groupname $groupname -useCred $useCred -credential $cred

 

From ActiveDirectoryMain:

###################################
# Remove Computer from Group
# Custom Function
###################################>
function removeComputerFromGroup {
    param([string]$domainController, [string]$username, [string]$groupname, [boolean]$useCred, [System.Management.Automation.PSCredential]$credential)

    SNCLog-ParameterInfo @("Running removeADUserAccountFromGroup", $domainController, $username, $groupname)

    $userObject = getADObject -domainController $domainController -type "Computer" -objectName $username -useCred $useCred -credential $credential
    $groupObject = getADObject -domainController $domainController -type "Group" -objectName $groupname -useCred $useCred -credential $credential

    $groupObject.remove("LDAP://"+$userObject.distinguishedName);
    if (-not $?) {
        SNCLog-DebugInfo "`tFailed to remove $username computer from $groupname group, $error"
    }
}


Fair enough, shouldn't the second script be renamed to what you are calling in the first?  The function you posted was removeComputerFromGroup, but in the first script your call is removeADComputerFromGroup.

I'm super surprised that this is not part of the Microsoft AD spoke. Wish I didn't work remote so I could test ideas out. I've done a bit of AD work with ServiceNow, and always had odd issues due to the PowerShell Remoting portion, where it wants to remote into the AD or Exchange server to run the PS scripts and the security on the network would cause it to fail about 50% of the time.

----

Aoife

###################################
# Remove Computer from Group
# Custom Function
###################################>
function removeADComputerFromGroup {
    param([string]$domainController, [string]$username, [string]$groupname, [boolean]$useCred, [System.Management.Automation.PSCredential]$credential)

    SNCLog-ParameterInfo @("Running removeADComputerFromGroup", $domainController, $username, $groupname)

    $userObject = getADObject -domainController $domainController -type "Computer" -objectName $username -useCred $useCred -credential $credential
    $groupObject = getADObject -domainController $domainController -type "Group" -objectName $groupname -useCred $useCred -credential $credential

    $groupObject.remove("LDAP://"+$userObject.distinguishedName);
    if (-not $?) {
        SNCLog-DebugInfo "`tFailed to remove $username computer from $groupname group, $error"
    }
}
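
An added example, not part of any post in this thread and not ADSpoke code: the same removal written against Microsoft's ActiveDirectory (RSAT) module instead of the spoke's getADObject helper. The function name Remove-ComputerFromAdGroup, its parameters and the sample values are assumptions; every lookup uses a terminating error so a bad name or a failed removal reaches the caller instead of only producing a debug log line.

```powershell
# Added example; Remove-ComputerFromAdGroup is a hypothetical name, not an ADSpoke function.
# Assumes the RSAT ActiveDirectory module is installed on the host that runs the script.
Import-Module ActiveDirectory -ErrorAction Stop

function Remove-ComputerFromAdGroup {
    param(
        [Parameter(Mandatory)][string]$DomainController,
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][string]$GroupName,
        [System.Management.Automation.PSCredential]$Credential
    )

    # Shared connection arguments; the credential is only passed when one is supplied.
    $conn = @{ Server = $DomainController; ErrorAction = 'Stop' }
    if ($Credential) { $conn.Credential = $Credential }

    # Resolve both objects first so a mistyped name fails here with a clear error
    # rather than surfacing as an ambiguous failure during the removal.
    $computer = Get-ADComputer -Identity $ComputerName @conn
    $group    = Get-ADGroup -Identity $GroupName -Properties member @conn

    # Check direct membership so the result states whether anything changed.
    if ($group.member -notcontains $computer.DistinguishedName) {
        return "NoChange: $($computer.Name) is not a direct member of $($group.Name)"
    }

    # -Confirm:$false is required because the script runs non-interactively.
    Remove-ADGroupMember -Identity $group -Members $computer -Confirm:$false @conn
    return "Removed: $($computer.Name) from $($group.Name)"
}

# Constructed sample call; the host, computer and group names are placeholders.
# Remove-ComputerFromAdGroup -DomainController 'dc01.example.test' `
#     -ComputerName 'WKS-0001' -GroupName 'Example-Workstations'
```

The account passed in -Credential only needs write access to the member attribute of the target groups, which keeps the automation account well short of domain-wide rights.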

Lavanya Avula1
ServiceNow Employee

Hi Aoife / Cherly,

Did either of you find a way to remove a computer from an AD group successfully? I have been looking for the same custom action.

I'd appreciate any help here.

martinbender
Tera Contributor

Hello Cherly, did you get a solution for your problem? I have the same problem: I will add or delete a computer to a group and I don't know how to create a new action for this.
What I saw in your code is that you call a function:
removeADComputerFromGroup -domainController $computer -username $username -groupname $groupname -useCred $useCred -credential $cred
but the function is named "removeComputerFromGroup {".
Maybe the "AD" is missing: removeADComputerFromGroup
br
martin