Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Remove-QADGroupMember Giving Invalid URI Error On Only Some Groups

Posted on 2012-04-09
8
Medium Priority
?
991 Views
Last Modified: 2012-04-15
I am working on writing a script to automate some of the Active Directory tasks we perform when a user leaves our organization. One of those tasks is removing the user from all groups except "Domain Users." Here is a snippet of that code:
$AllGroups = Get-QADMemberOf $User
Foreach ($Group in $AllGroups)
{
	If ($Group -ne "Domain Users")
	{
		$null = Remove-QADGroupMember $Group -Member $User
		Write-Host "Removed $User from group: $Group ..."
	}
}

Open in new window

The problem is that for a select handful of groups this isn't working (it works great for most). I get this error:
Remove-QADGroupMember : Invalid URI: The hostname could not be parsed.
+ Remove-QADGroupMember <<<<  'ALL EXCH USERS' -Member mscruz
    + CategoryInfo          : NotSpecified: (:) [Remove-QADGroupMember], UriFormatException
    + FullyQualifiedErrorId : System.UriFormatException,Quest.ActiveRoles.ArsPowerShellSnapIn.Commands.RemoveGroupMemberCmdlet2

Open in new window

I have made sure that I have rights to these groups and have verified that I can make the same change manually in Active Directory.

Any Ideas?

Thanks,
-Al
0
Comment
Question by:Cacophony777
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 5

Expert Comment

by:kollenh
ID: 37824731
I suspect it has to do with the type of group.  If you look at those that have given you a problem, do you see a common thread?  Also, do you have a single-domain environment or multi-?
0
 
LVL 1

Author Comment

by:Cacophony777
ID: 37825094
Single Domain environment. What's weird is I have compared the group in the example above with a couple groups that I confirmed the script did work on and they all had the same security and all had the Group Scope set to Universal and Group Type as Security.

The line in the error that states "UriFormatException" leads me to believe that something is pulling over nice from the Get-QADMemberOF cmdlet. Only thing is, even if I just run  (Remove-QADGroup 'ALL EXCH USERS' -Member mscruz) on the command line I get the same error and that Syntax looks correct to me...
0
 
LVL 5

Expert Comment

by:kollenh
ID: 37825179
I'm assuming your message above should have been "Remove-QADGroupMember" otherwise that is your problem..

Remove-QADGroupMember wants the DN of the group, so maybe try passing that explicitly?  In the script you'd use $group.dn
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 
LVL 1

Author Comment

by:Cacophony777
ID: 37825546
Yea... That was a typo.

Just tried using the DN when running the command and I'm getting the same result:
Remove-QADGroupMember : Invalid URI: The hostname could not be parsed.
At line:1 char:22
+ Remove-QADGroupMember <<<<  -identity 'CN=ALL EXCH USERS,OU=Distribution Lists,OU=COMHS,dc=*****,dc=***' -Member mscr
uz
    + CategoryInfo          : NotSpecified: (:) [Remove-QADGroupMember], UriFormatException
    + FullyQualifiedErrorId : System.UriFormatException,Quest.ActiveRoles.ArsPowerShellSnapIn.Commands.RemoveGroupMemb
   erCmdlet2

Open in new window

0
 
LVL 5

Expert Comment

by:kollenh
ID: 37825574
Any chance that is a dynamically-generated DL?  Maybe try echoing out the DN of the group?  Something has to be different about that particular group.
0
 
LVL 1

Accepted Solution

by:
Cacophony777 earned 0 total points
ID: 37829183
So I found me a work around.

If I use the MS ActiveDirectory Module (Remove-ADGroupMember) instead of Quest's ActiveRoles Snapin (Remove-QADGroupMember) it works...

I've never used the ActiveDirectory Module mostly because I had been using ActiveRoles with no issue. Is there any advantage to using one above the other?
0
 
LVL 5

Assisted Solution

by:kollenh
kollenh earned 300 total points
ID: 37829207
Actually I haven't used the MS module, either.  I'd say if it suits your needs, you're golden.

Sorry, I wasn't much help.
0
 
LVL 1

Author Closing Comment

by:Cacophony777
ID: 37848009
Still not sure why I can't get this to work with Quest ActiveRoles, but I do have it working. Thanks to kollenh for the assistance. I still gave you some points for your time. :-)
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question