3.7 Remove-AzureDRAGroupMembers

Synopsis

Removes members of an existing group managed by DRA.

Syntax

Remove-AzureDRAGroupMembers -Tenant <String> [-Contacts <String[]>] [-Groups <String[]>] [-Users <String[]>] [-AzureContacts <String[]>] [-AzureGroups <String[]>] [-AzureUsers <String[]>] -Identifier <String> [-DRARestServer <String>] [-DRARestPort <Int32>] [-IgnoreCertificateErrors <SwitchParameter>] [-Force <SwitchParameter>] [-Timeout <Int32>] [<CommonParameters>]

Description

The Remove-AzureDRAGroupMembers cmdlet removes members from an Entra ID group managed by DRA. The requesting user must have the Remove Object from Entra ID Group power. The command accepts arrays of identifiers for each of the supported object types that can be members of the group. An identifier and at least one member must be specified.

Parameters

Attribute / Description	Values
Attribute / Description	Required	Position	Default Value	Accept Pipeline input?	Accept wildcard characters?
Contacts [<String[]>] An array of existing Active Directory contact identifiers to remove from the Entra ID group. An identifier can be a distinguished name.	false	named		true (ByPropertyName)	false
Groups [<String[]>] An array of existing Active Directory group identifiers to remove from the Entra ID group. An identifier can be a distinguished name.	false	named		true (ByPropertyName)	false
Users [<String[]>] An array of existing Active Directory user identifiers to remove from the Entra ID group. An identifier can be a distinguished name.	false	named		true (ByPropertyName)	false
AzureContacts [<String[]>] An array of existing Entra ID contact identifiers to remove from the Entra ID group.An identifier is a distinguished name, for example, "CN=CB58BFCE-1E49-4FA5-AF0A-E2B5068F8073,AZ=corp", and multiple distinguished names can be comma separated. "CN=CB58BFCE-1E49-4FA5-AF0A-E2B5068F8073,AZ=corp", "CN=C503F54F-6357-4831-A74A-B2EA06ED6806,AZ=corp"	false	named		true (ByPropertyName)	false
AzureGroups [<String[]>] An array of existing Entra ID group identifiers to remove from the Entra ID group.An identifier is a distinguished name, for example, "CN=CB58BFCE-1E49-4FA5-AF0A-E2B5068F8073,az=corp",and multiple distinguished names can be comma separated:"CN=CB58BFCE-1E49-4FA5-AF0A-E2B5068F8073,az=corp", "CN=C503F54F-6357-4831-A74A-B2EA06ED6806,az=corp"	false	named		true (ByPropertyName)	false
AzureUsers [<String[]>] An array of existing Entra ID user identifiers to remove from the Azure group.An identifier is a distinguished name, for example, "CN=7939934-425325-35353-35235B,az=corp",and multiple distinguished names can be comma separated:"CN=7939934-425325-35353-35235B,az=corp", "CN=A30226EA-6A55-43C1-B7AF-E694BDF97836,az=corp"	false	named		true (ByPropertyName)	false
Identifier <String> The GUID of the Entra ID group. For example: 3FB3B182-FAA2-476A-9843-5F77B245DD03	true	named		true (ByPropertyName)	false
Tenant <String> The Tenant ID of the object in GUID or displayname format. For example: b201dhg8-087e-5n9d-9986-c4d987bfa0b1 or MyTenant	true	named		true (ByPropertyName)	false
DRARestServer [<String>] The name of the computer running the DRA REST Service. The requested DRA operation will execute on this server. If the parameter is not specified, the value defaults to 'localhost'.	false	named		true (ByPropertyName)	false
DRARestPort [<Int32>] The port where the DRA REST Service listens for requests. This parameter is used only when the DRARestServer parameter is also specified. If the parameter is not specified, the value defaults to 8755.	false	named	8755	true (ByPropertyName)	false
IgnoreCertificateErrors [<SwitchParameter>] Allows the request to bypass any SSL certificate errors, such as the InvalidOperation error that occurs when the REST Service is bound to a self-signed certificate.	false	named		false	false
Force [<SwitchParameter>] Suppresses any request for user input and supplies a 'yes' response. For example: -Force with a delete request will perform the delete without presenting the confirmation request to the user.	false	named		false	false
Timeout [<Int32>] The wait time in seconds before the request to the DRA REST server times out.To specify an infinite timeout, you can set this parameter to -1.	false	named	100 seconds	true (ByPropertyName)	false
<CommonParameters> Verbose, Debug, ErrorAction, ErrorVariable, WarningAction, WarningVariable, OutBuffer, PipelineVariable, and OutVariable. For more information, see About CommonParameters.

NOTE:For more information, type "Get-Help Remove-AzureDRAGroupMembers -detailed". For technical information, type "Get-Help Remove-AzureDRAGroupMembers -full".

Example 3-16 1

PS C:\>Remove-AzureDRAGroupMembers -Tenant MyTenant -Identifier 23225bb1-5ac0-4b4c-a23c-beb7fad44b65 -Contact "CN=My Contact,OU=ABC,OU=ABC-Parent,DC=MYDOMAIN,DC=corp" -Groups "CN=My Group,OU=Accounting,DC=MYDOMAIN,DC=corp" "-Users "CN=MyUser,OU=Users,OU=ABC,OU=ABC-Parent,DC=MYDOMAIN,DC=corp" -AzureContacts "CN=299b52d3-79be-4748-ab0f-e2374f0aa7b4,AZ=MyTenant" -AzureGroups "CN=7939934-425325-35353-35235B,AZ=MyTenant" -AzureUsers "CN=CB58BFCE-1E49-4FA5-AF0A-E2B5068F8073,AZ=MyTenant"

This example removes an Entra ID contact, an Entra ID group, an Entra ID user, a contact, a group, and a user from the Entra ID group identified by the GUID 23225bb1-5ac0-4b4c-a23c-beb7fad44b65 in the Entra ID tenant named MyTenant. Multiple Entra ID objects of any type could be removed by using a comma to separate the members.

Example 3-17 2

PS C:\>Remove-AzureDRAGroupMembers -Tenant MyTenant -Identifier 23225bb1-5ac0-4b4c-a23c-beb7fad44b65 -Groups "CN=MyGroup,OU=Accounting,DC=MYDOMAIN,DC=corp" -Users "CN=My User,OU=Users,OU=ABC,OU=ABC-Parent,DC=MYDOMAIN,DC=corp" -AzureGroups "CN=7939934-425325-35353-35235B,az=MyTenant" -AzureUsers "CN=CB58BFCE-1E49-4FA5-AF0A-E2B5068F8073,az=MyTenant","CN=09A8BFCE-1E93-0AA5-990A-A8C0579FB128,az=MyTenant"

This example removes an Entra ID group, two Entra ID users, a group, and a user from an Entra ID group in the Entra ID Tenant. Multiple Entra ID objects of any type can be removed by using a comma to separate the members.