I have about 25 administrative user where I need to add a new role and assign it a specific scope. In my testing I have been able to get a list of users and assign it a new role, however when the role is added it gets a role-up of all the different scopes assigned to the user. When adding a role using the Add-CMSecurityRoleToAdministrativeUser cmdlet, is their a way to specify which scopes to add instead of receiving a role up of all scopes.
In a similar fashion, is their a way to use the Remove-CMSecurityScopeFromAdministrativeUser cmdlet and specify a specific role to remove the scope from instead of purging it from the entire user.
My beta code is below.
$adminUsers = get-cmadministrativeuser | where {$_.logonname -like "*metricstesting*"} ForEach ($adminUser in $adminUsers) { Add-CMSecurityRoleToAdministrativeUser -AdministrativeUserName "$($adminUser.logonname)" -RoleName "+Custom+ Operating System Deployment User" }-Tony
- Edited by Tony Chirillo 13 hours 45 minutes ago