Add Remove-OnPremImmutableId script

2026-04-18 08:43:35 -04:00 · 2026-04-18 08:43:35 -04:00 · 96368d0c7c
commit 96368d0c7c
parent 8763078455
1 changed files with 33 additions and 0 deletions
--- a/m365/Remove-OnPremImmutableId.ps1
+++ b/m365/Remove-OnPremImmutableId.ps1
@ -0,0 +1,33 @@
+param (
+    [Parameter(Mandatory=$true)]
+    [string]
+    $UserId
+)
+
+$VerbosePreference = 'Continue'
+
+Connect-MgGraph -NoWelcome -Scopes User.ReadWrite.All,Organization.Read.All
+
+$User = Get-MgUser -UserId $UserId -Property DisplayName,UserPrincipalName,Id,OnPremisesImmutableId | Select-Object -Property DisplayName,UserPrincipalName,Id,OnPremisesImmutableId
+
+Write-Host "User identified to remove is '$($User.DisplayName) ($($User.UserPrincipalName))'"
+do {
+    $Decision = Read-Host "Continue? (y/n)"
+    if ($Decision -cmatch '[Nn](?:o)?') { exit }
+} while ($Decision -cnotmatch '[Yy](?:es)?')
+
+Write-Host "Removing OnPremisesImmutableId..."
+Invoke-MgGraphRequest -Method PATCH -Uri "https://graph.microsoft.com/v1.0/Users/$($User.Id)" -Body @{OnPremisesImmutableId = $null}
+Write-Verbose "OnPremisesImmutableId: '$($User.OnPremisesImmutableId)' -> '$((Get-MgUser -UserId $UserId -Property OnPremisesImmutableId).OnPremisesImmutableId)'"
+
+Write-Host "Starting ADSync Delta sync... " -NoNewline
+try {
+   if ($Configuration.RemoteAdSync) {
+      Invoke-Command -ComputerName $Configuration.RemoteAdSyncComputerName -ScriptBlock { (Start-AdSyncSyncCycle -PolicyType Delta).Result }
+   } else {
+      (Start-AdSyncSyncCycle -PolicyType Delta).Result
+   }
+} catch {
+   Write-Host -ForegroundColor Red "Failed: $_"
+   break
+}