Script to remove all of the management entries of a role

Hi all,

I want to remove all of the role entries of a custom management role. For example, I create a role:
New-ManagementRole -Name 'test1' -Parent 'Mail Recipients'

Then, I want to remove all of the role entries in this role. Here is what I tried:
Get-ManagementRoleEntry "test1\*" | Remove-ManagementRoleEntry
I got the following error message:
======================

Cannot process argument transformation on parameter 'Identity'. Cannot convert value "test1" to type "Microsoft.Exchange.Configuration.Tasks.RoleEntryIdParameter". Error: "The format of the value you specified in the Microsoft.Exchange.Configuration.Tasks.RoleEntryIdParameter parameter isn't valid. Check the value, and then try again.
Parameter name: identity"
    + CategoryInfo          : InvalidData: (test1:PSObject) [Remove-ManagementRoleEntry], ParameterBindin...mationException
    + FullyQualifiedErrorId : ParameterArgumentTransformationError,Remove-ManagementRoleEntry

=========================

Can someone help about the PowerShell script to achieve the goal?

PS1: It's in Exchange 2013 (I remember I encountered the same issue in 2010)
PS2: I don't have enough permissions. In other words, I cannot create a unscopedtoplevel management role. What I can do is to remove all of the role entries in the children role.

TIA 

June 13th, 2013 5:38pm

Hi

How about just run

Get-ManagementRoleEntry "test1\*"

Will they display?

Cheers

Free Windows Admin Tool Kit Click here and download it now
June 14th, 2013 8:28am
No management role entries have been removed
June 14th, 2013 4:19pm

Hi,

Did you ever sort this? I've got the same issue with Exchange Online .. following this TechNet article http://technet.microsoft.com/en-us/library/dd297947(v=exchg.150).aspx

:/

Free Windows Admin Tool Kit Click here and download it now
December 20th, 2013 12:30pm

Hi,

Old thread, but here's how I resolved this:
(I know I'm using write-host, but it's just to get some sense of what it's working on since Verbose didn't do anything.)

$Entries = Get-ManagementRoleEntry "$roleName\*" | where {$ExEASCmdlets -notcontains $_.Name}
Write-Host -ForegroundColor Cyan "Working on $roleName ::"
$Entries | % { 
	Write-Host -ForegroundColor Green "Removing $($_.Identity + "\" + $_.Name)"
	Remove-ManagementRoleEntry -Identity ($_.Identity + "\" + $_.Name) -Confirm:$False
}

Some of the variables were defined earlier. In your case with the single Management Role, this should be enough:

$Entries = Get-ManagementRoleEntry "test1\*"
$Entries | % {
	Remove-ManagementRoleEntry -Identity ($_.Identity + "\" + $_.Name) -Confirm:$False
}


May 27th, 2015 9:46am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics