Improvements/Help on Function

I have a Terminate-User function in a user management GUI I made. The GUI can be used on your local machine, but I found that this particular portion of the function does not work due to an “Insufficient Access Rights” error when I debug it, even when run as Administrator. It will run with no issues on a DC, though. The $Credential used are domain admin credentials.

Below is my code; the portion that gives me the “Insufficient Access Rights” error is the Set-ADUser portion. How can I resolve this without needing to run the tool on a DC or server?

    function Terminate-User ($SAN, $Credential) {
        $statusbar1.Text = "Terminating the user.."
        $User = $UserBase.FindUsers($SAN)
        $SuggestedOU = Find-OU -User $User -OUs $OUsForDisabledAccounts
        $MoveUser = Show-Msgbox -message "Do you want to move $($User.name) to $SuggestedOU ?" -title 'Terminating' -button 'YesNo' -icon 'Question'

        $statusbar1.Text = "Disabling account and removing from all groups"
        Disable-ADAccount $User -Credential $Credential
        Set-ADAccountPassword $User -Reset -NewPassword (New-SWRandomPassword -PasswordLength 10 | ConvertTo-SecureString -AsPlainText -Force) -Credential $Credential

        #Remove from all groups except Domain Users
        #
        foreach ($Group in $User.memberof) {
            Remove-ADGroupMember -Identity $Group -Members $User -Credential $Credential -Confirm:$false
        }

        #Remove phone number and hide from GAL
        $statusbar1.Text = "Hiding from GAL"
        Set-ADUser -Identity $User -Clear physicalDeliveryOfficeName, streetAddress, st, postalCode, co, telephoneNumber, department, company, mobile, ipPhone -Replace @{ msExchHideFromAddressLists = $true }

        if ($MoveUser -eq 'Yes') {
            $User | Move-ADObject -TargetPath $SuggestedOU -Credential $Credential
        }

        Perform-AzureDeltaSync -AADServer $AADServer -Credential $Credential
        $statusbar1.Text = "The user was terminated succesfully"
    }

submitted by /u/bigboijoey
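
An added example, not part of the original post: in the function as posted, Set-ADUser is the only Active Directory cmdlet called without -Credential, and an AD cmdlet called that way runs as the logged-on user instead of the account in $Credential. The sketch below splats one set of connection parameters into the call so the supplied credential is always used. The function name Clear-TerminatedUserAttributes and the -Server parameter are assumptions made for illustration.

```powershell
# Added example (not from the original post). Clear-TerminatedUserAttributes and
# the -Server parameter are hypothetical names chosen for illustration.
function Clear-TerminatedUserAttributes {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string]       $Identity,
        [Parameter(Mandatory)] [pscredential] $Credential,
        [string] $Server   # optional: a specific domain controller to write to
    )

    # Parameters shared by every AD cmdlet call, so that no call silently
    # falls back to the identity of the logged-on workstation user.
    $ad = @{ Credential = $Credential; ErrorAction = 'Stop' }
    if ($Server) { $ad.Server = $Server }

    # Same attribute list as the Set-ADUser call in the post.
    $clear = 'physicalDeliveryOfficeName', 'streetAddress', 'st', 'postalCode', 'co',
             'telephoneNumber', 'department', 'company', 'mobile', 'ipPhone'

    try {
        # -WhatIf previews the change without writing to the directory.
        if ($PSCmdlet.ShouldProcess($Identity, 'Clear contact attributes and hide from GAL')) {
            Set-ADUser @ad -Identity $Identity -Clear $clear `
                -Replace @{ msExchHideFromAddressLists = $true }
        }
    }
    catch {
        # Report which account the write was attempted as; a rights error here
        # then points at that account's delegation, not at the workstation.
        throw "Set-ADUser failed for '$Identity' as '$($Credential.UserName)': $($_.Exception.Message)"
    }
}
```

Running it once with -WhatIf and -Verbose shows the target object before any attribute is changed.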