In further pursuit of delegating Mobile Device Management in our Exchange Online tenant, I am trying to create custom roles to add to a role group. Here is what I am trying to do.
$RolesforMDM = "Get-ActiveSyncOrganizationSettings","Get-ActiveSyncDeviceStatistics","Get-ActiveSyncDevice","Get-Recipient","Get-ActiveSyncMailboxPolicy","Get-CASMailbox","Set-ActiveSyncOrganizationSettings","Set-CASMailbox","Get-ActiveSyncDeviceAccessRule","Set-ActiveSyncDeviceAccessRule","New-ActiveSyncDeviceAccessRule","Set-ActiveSyncMailboxPolicy","New-ActiveSyncMailboxPolicy","Remove-ActiveSyncDevice","Clear-ActiveSyncDevice"
$MDM_ROLES = "MDM-Mail","MDM-OrgCliAcc","MDM-RecipPol"
New-ManagementRole -Name MDM-Mail -Parent "Mail Recipients"
New-ManagementRole -Name MDM-OrgCliAcc -Parent "Organization Client Access"
New-ManagementRole -Name MDM-RecipPol -Parent "Recipient Policies"
ForEach ($roleName in $MDM_ROLES)
{
    Get-ManagementRoleEntry "$roleName\*" | where {$RolesforMDM -notcontains $_.Name} | Remove-ManagementRoleEntry -Confirm:$False
    $entrylist = Get-ManagementRoleEntry "$roleName\*" | Select -ExpandProperty Name
}
New-RoleGroup MDM_Admin -Roles $MDM_ROLES
This is "breaking" trying to pipe the results of the where statement to the Remove-ManagementRoleEntry statement. Here is the error.
Cannot process argument transformation on parameter 'Identity'. Cannot convert value "MDM-RecipPol" to type
"Microsoft.Exchange.Configuration.Tasks.RoleEntryIdParameter". Error: "The format of the value you specified in the
Microsoft.Exchange.Configuration.Tasks.RoleEntryIdParameter parameter isn't valid. Check the value, and then try again.
Parameter name: identity"
+ CategoryInfo : InvalidData: (MDM-RecipPol:PSObject) [Remove-ManagementRoleEntry],: (MDM-RecipPol:PSObject) [Remove-ManagementRoleEntry],
I am new to Office 365 and PowerShell, so any help is appreciated.
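The error above shows `Remove-ManagementRoleEntry` receiving only the role name (`MDM-RecipPol`) as `Identity`, while that parameter expects the `Role\Cmdlet` form. The following is an added example, not part of the original post: it passes the identity explicitly and then checks that each role exposes nothing outside the allow-list before the role group is created. It assumes an open Exchange Online PowerShell session with rights to manage RBAC; `$allowed` and `$parents` are names chosen here.

```powershell
# Added example. Assumes a connected Exchange Online PowerShell session.
# Cmdlet allow-list and role names are taken from the post above.
$allowed = @(
    'Get-ActiveSyncOrganizationSettings', 'Get-ActiveSyncDeviceStatistics',
    'Get-ActiveSyncDevice', 'Get-Recipient', 'Get-ActiveSyncMailboxPolicy',
    'Get-CASMailbox', 'Set-ActiveSyncOrganizationSettings', 'Set-CASMailbox',
    'Get-ActiveSyncDeviceAccessRule', 'Set-ActiveSyncDeviceAccessRule',
    'New-ActiveSyncDeviceAccessRule', 'Set-ActiveSyncMailboxPolicy',
    'New-ActiveSyncMailboxPolicy', 'Remove-ActiveSyncDevice',
    'Clear-ActiveSyncDevice'
)

# Custom role name -> built-in parent role it is derived from.
$parents = [ordered]@{
    'MDM-Mail'      = 'Mail Recipients'
    'MDM-OrgCliAcc' = 'Organization Client Access'
    'MDM-RecipPol'  = 'Recipient Policies'
}

foreach ($roleName in $parents.Keys) {
    New-ManagementRole -Name $roleName -Parent $parents[$roleName] | Out-Null

    # Remove every inherited entry that is not on the allow-list. The identity
    # is built as "Role\Cmdlet" instead of relying on pipeline binding.
    Get-ManagementRoleEntry "$roleName\*" |
        Where-Object { $allowed -notcontains $_.Name } |
        ForEach-Object {
            Remove-ManagementRoleEntry -Identity "$roleName\$($_.Name)" -Confirm:$false
        }

    # Least-privilege check: stop before delegating if anything extra remains.
    $extra = @(Get-ManagementRoleEntry "$roleName\*" |
        Where-Object { $allowed -notcontains $_.Name })
    if ($extra.Count -gt 0) {
        throw "Role $roleName still exposes: $($extra.Name -join ', ')"
    }
}

New-RoleGroup -Name 'MDM_Admin' -Roles @($parents.Keys)
```

Each remaining entry keeps all the parameters it inherited from the parent role, so a cmdlet such as `Set-CASMailbox` still exposes its full parameter set unless the entry is narrowed further with `Set-ManagementRoleEntry`.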