Remove-​Aadrm​Role​Based​Administrator

Removes administrative rights from Rights Management.

Syntax

Remove-AadrmRoleBasedAdministrator
      [-EmailAddress <String>]
      [-Role <Role>]
      [<CommonParameters>]
Remove-AadrmRoleBasedAdministrator
      [-ObjectId <Guid>]
      [-Role <Role>]
      [<CommonParameters>]
Remove-AadrmRoleBasedAdministrator
      [-Role <Role>]
      [-SecurityGroupDisplayName <String>]
      [<CommonParameters>]

Description

The Remove-AadrmRoleBasedAdministrator cmdlet removes administrative rights for a user or group from Azure Rights Management for your organization.

You must use PowerShell to configure delegated administrative control for the Azure Rights Management service; you cannot do this configuration by using a management portal.

Note: One of the parameters for this cmdlet uses the ObjectId (also known as a GUID). Because the Office 365 admin center and the Azure classic portal does not display the GUIDs that are used to identify specific user or groups objects, you can use the following two steps to find the values that you need to specify the GUIDs. Or, you can use the Azure portal to find these values.

1. If you have not already done so, download and install a PowerShell module for Azure AD. Connect to the service and get details of the security group that you want to specify. For example, connect to the service by running Connect-MsolService, and then run Get-MsolGroup.

Tip: If you have many groups, use the Where-Object cmdlet in Windows PowerShell to filter results. For example, you might enter the following cmdlet to filter and return only groups that start with "Rights": Get-MsolGroup | where {$_.DisplayName -like "Rights*" }

2. From the output of the cmdlet, copy the GUID value that was returned and use (paste) that value into the value of the ObjectId parameter when you run the Add-RoleBased Administrator or Remove-AadrmRoleBasedAdministrator cmdlet.

Examples

Example 1: Remove administrative rights by using a display name

PS C:\>Remove-AadrmRoleBasedAdministrator -SecurityGroupDisplayName "Finance Employees"

This command removes Azure Rights Management administrative rights from the group named Finance Employees.

Example 2: Remove administrative rights by using an email address

PS C:\>Remove-AadrmRoleBasedAdministrator -EmailAddress "EvanNarvaez@Contoso.com"

This command removes Azure Rights Management administrative rights from the group that has the specified email address.

Optional Parameters

-EmailAddress

Specifies the email address of a user or group.The cmdlet removes Azure Rights Management administrative rights for the user or group identified by the email address that you specify.

Type:String
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName, ByValue)
Accept wildcard characters:False
-ObjectId

Specifies the GUID of a user or group.The cmdlet removes Azure Rights Management administrative rights for the user or group identified by GUID that you specify.

Type:Guid
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName, ByValue)
Accept wildcard characters:False
-Role

Specifies a role. The cmdlet removes an administrator that belongs to the role that you specify.The acceptable values for this parameter are:

- ConnectorAdministrator

- GlobalAdministrator

If you do not specify a role, the cmdlet removes the administrator from the GlobalAdministrator role.

Type:Role
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName, ByValue)
Accept wildcard characters:False
-SecurityGroupDisplayName

Specifies the display name of a user or group. The cmdlet removes Azure Rights Management administrative rights for the user or group identified by the name that you specify.

Type:String
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName, ByValue)
Accept wildcard characters:False