Share via

Remove-AipServiceRoleBasedAdministrator

Module:
AIPService Module

Removes administrative rights from Azure Information Protection.

Syntax

ObjectId 

Remove-AipServiceRoleBasedAdministrator
    [-ObjectId <Guid>]
    [-Role <Role>]
    [<CommonParameters>]

DisplayName 

Remove-AipServiceRoleBasedAdministrator
    [-SecurityGroupDisplayName <String>]
    [-Role <Role>]
    [<CommonParameters>]

EmailAddress 

Remove-AipServiceRoleBasedAdministrator
    [-EmailAddress <String>]
    [-Role <Role>]
    [<CommonParameters>]

Description

The Remove-AipServiceRoleBasedAdministrator cmdlet removes administrative rights from Azure Information Protection, so that administrators you have previously delegated to configure the protection service can no longer do so by using PowerShell commands.

You must use PowerShell to configure delegated administrative control for the protection service from Azure Information Protection, you cannot do this configuration by using a management portal.

To see the full list of delegated administrators for the protection service, use Get-AipServiceRoleBasedAdministrator. Run the Remove-AipServiceRoleBasedAdministrator cmdlet for each user or group that you want to remove from the list.

Examples

Example 1: Remove administrative rights by using a display name

PS C:\>Remove-AipServiceRoleBasedAdministrator -SecurityGroupDisplayName "Finance Employees"

This command removes administrative rights from Azure Information Protection for the group that has a display name of "Finance Employees".

Example 2: Remove administrative rights by using an email address

PS C:\>Remove-AipServiceRoleBasedAdministrator -EmailAddress "EvanNarvaez@Contoso.com"

This command removes administrative rights from Azure Information Protection for the user who has an email address of "EvanNarvaez@Contoso.com".

Parameters

-EmailAddress

Specifies the email address of a user or group to remove administrative rights from Azure Information Protection. If the user has no email address, specify the user's Universal Principal Name.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

EmailAddress
Position:Named
Mandatory:False
Value from pipeline:True
Value from pipeline by property name:True
Value from remaining arguments:False

-ObjectId

Specifies the GUID of a user or group to remove administrative rights from Azure Information Protection.

Parameter properties

Type:Guid
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

ObjectId
Position:Named
Mandatory:False
Value from pipeline:True
Value from pipeline by property name:True
Value from remaining arguments:False

-Role

Specifies a role. The cmdlet removes an administrator that belongs to the role that you specify.

The acceptable values for this parameter are:

  • ConnectorAdministrator

  • GlobalAdministrator

If you do not specify a role, the cmdlet removes the administrator from the GlobalAdministrator role.

Parameter properties

Type:Role
Default value:None
Accepted values:GlobalAdministrator, ConnectorAdministrator
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:True
Value from pipeline by property name:True
Value from remaining arguments:False

-SecurityGroupDisplayName

Specifies the display name of a user or group that should no longer have administrative rights for Azure Information Protection.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

DisplayName
Position:Named
Mandatory:False
Value from pipeline:True
Value from pipeline by property name:True
Value from remaining arguments:False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.