Can't remove Azure AD account from local administrators using proactive remediation script

Djordje Novakovic 626 Reputation points
2021-10-19T12:26:19.82+00:00

Hello,

When we enroll a computer manually into Intune and Azure AD using Settings > Accounts..., our account is added to the Administrators group and becomes a local admin on the machine.
I would like to remove that account from the Administrators group using a PowerShell script in Endpoint analytics > Proactive remediations.

The script successfully removes all accounts from the Administrators group except the default ones: Administrator and the default Azure AD accounts that appear as SIDs (which is what we want).
But it is not able to remove the AzureAD\intunetest5 account; the error is "Principal Intunetest5 was not found".
However, if I run the script locally on that computer, it removes the account successfully.

From Intune logs:
<![LOG[error from script =Remove-LocalGroupMember : Principal Intunetest5 was not found.
At C:\Windows\IMECache\HealthScripts\2c2ccb13-58f8-41ea-bb92-e8ea3e96450b_4\detect.ps1:48 char:32
+ … $res = Remove-LocalGroupMember -Group $administratorsGroupName – …
+                                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Intunetest5:String) [Remove-LocalGroupMember], PrincipalNotFoundException
    + FullyQualifiedErrorId : PrincipalNotFound,Microsoft.PowerShell.Commands.RemoveLocalGroupMemberCommand

Did anyone have similar issue?

Thanks


Accepted answer
Djordje Novakovic 626 Reputation points
2021-10-19T17:55:37.157+00:00

I think I found the solution; it requires AzureAD to be in the name of the account:

Remove-LocalGroupMember -Group $administratorsGroupName -Member AzureAD\intunetest5 -Confirm:$False
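
The accepted answer fixes name resolution by spelling the member as AzureAD\<user>. The script below is an added example, not the poster's detection script, showing the more robust shape for a Proactive remediation: enumerate the Administrators group, keep an explicit allowlist, and remove the unwanted Azure AD users by SID, so the removal does not depend on how a bare user name resolves under the SYSTEM account the remediation runs as. It assumes the script runs as SYSTEM, as Proactive remediations do; the allowlisted account AzureAD\breakglass is a hypothetical placeholder and not from the original post. Intune passes no arguments to these scripts, so the same file is deployed twice, once with $Remediate left at $false as the detection script and once with it set to $true as the remediation script.

```powershell
# Added example (not the poster's script). Detection/remediation for the local
# Administrators group: remove Azure AD user accounts that are not allowlisted.
# Assumptions: runs as SYSTEM under Proactive remediations; 'AzureAD\breakglass'
# is a hypothetical allowlist entry, not an account from the original post.

$Remediate = $false   # set to $true in the copy deployed as the remediation script
$GroupName = 'Administrators'

# Azure AD accounts that may stay local admins. Spelled with the AzureAD\ prefix,
# which is how Get-LocalGroupMember reports them and how Remove-LocalGroupMember
# resolves them when run as SYSTEM (the point of the accepted answer).
$KeepNames = @('AzureAD\breakglass')   # hypothetical

function Get-UnwantedAdminMembers {
    param([string]$Group, [string[]]$Keep)

    $members = Get-LocalGroupMember -Group $Group -ErrorAction Stop

    foreach ($m in $members) {
        $sid = $m.SID.Value

        # Built-in Administrator is RID 500 of the machine's own domain SID; keep it
        # whatever it has been renamed to.
        if ($sid -like 'S-1-5-21-*-500') { continue }

        # The Azure AD role entries added at join (Global Administrator, Device
        # Administrator) cannot be resolved locally and show their SID as the name.
        if ($m.Name -like 'S-1-12-1-*') { continue }

        # Only Azure AD users are in scope; local and on-prem AD members are left alone.
        if ($m.PrincipalSource -ne 'AzureAD') { continue }

        if ($Keep -contains $m.Name) { continue }

        $m
    }
}

try {
    $unwanted = @(Get-UnwantedAdminMembers -Group $GroupName -Keep $KeepNames)
}
catch {
    # Enumeration itself can fail (for example on orphaned SIDs in the group);
    # report non-compliant so the device shows up in the remediation report.
    Write-Output "Failed to enumerate ${GroupName}: $($_.Exception.Message)"
    exit 1
}

if ($unwanted.Count -eq 0) {
    Write-Output "No unwanted Azure AD members in $GroupName"
    exit 0
}

if (-not $Remediate) {
    # Detection: a non-zero exit code is what triggers the remediation script.
    Write-Output ('Unwanted members: ' + (($unwanted | ForEach-Object Name) -join ', '))
    exit 1
}

$failed = 0
foreach ($m in $unwanted) {
    try {
        # Remove by SID string: no name lookup, so it behaves the same under SYSTEM
        # as it does when a user runs it interactively.
        Remove-LocalGroupMember -Group $GroupName -Member $m.SID.Value -Confirm:$false -ErrorAction Stop
        Write-Output "Removed $($m.Name) ($($m.SID.Value))"
    }
    catch {
        $failed++
        Write-Output "Failed to remove $($m.Name): $($_.Exception.Message)"
    }
}

if ($failed -gt 0) { exit 1 } else { exit 0 }
```

Two checks worth doing before assigning this: set "Run script in 64-bit PowerShell" to Yes on the remediation, because the Microsoft.PowerShell.LocalAccounts module is not available to 32-bit PowerShell on 64-bit Windows and Get-LocalGroupMember would fail before any removal happens; and run the detection copy once in audit mode (exit code only) to confirm the allowlist and the SID filters match what the group actually contains on your devices before letting the remediation copy remove anything.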

