Scripts/ActiveDirectory/Remove-CohesityActiveDirectory.ps1
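function Remove-CohesityActiveDirectory {
    <#
        .SYNOPSIS
        Remove active directory from the cohesity cluster.
        .DESCRIPTION
        Deletes the join of the Cohesity Cluster to the specified Active Directory domain.
        After the deletion, the Cohesity Cluster no longer has access to the principals
        on the Active Directory. For example, you can no longer log in to the Cohesity
        Cluster with a user defined in a principal group of the Active Directory domain.
        .NOTES
        Published by Cohesity

        The Active Directory password is converted from the PSCredential to plain text
        and sent in the JSON body of the DELETE request. Transport protection therefore
        depends on the cluster URI scheme and on Invoke-RestApi, neither of which is
        visible in this file.
        Prefer passing -Credential (Get-Credential) or a credential read from a secret
        store; a password literal in a script ends up in source control, history and
        transcripts.
        .LINK
        https://cohesity.github.io/cohesity-powershell-module/#/README
        .EXAMPLE
        Remove-CohesityActiveDirectory -DomainName cohesity.com
        .EXAMPLE
        Remove-CohesityActiveDirectory -DomainName cohesity.com -Credential (New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "Administrator", (ConvertTo-SecureString -AsPlainText "secret" -Force)) -Confirm:$false
        .EXAMPLE
        Remove-CohesityActiveDirectory -DomainName cohesity.com -Credential (Get-Credential)
        Prompts for the Active Directory credential instead of embedding it in the command.
    #>
    [CmdletBinding(SupportsShouldProcess = $True, ConfirmImpact = "High")]
    Param(
        [Parameter(Mandatory = $true)]
        # Specifies the Active Directory Domain Name.
        $DomainName,
        [Parameter(Mandatory = $true)]
        [ValidateNotNull()]
        [System.Management.Automation.PSCredential]
        [System.Management.Automation.Credential()]
        # Specifies the Active Directory credential.
        $Credential
    )

    Begin {
        # Cluster address and bearer token come from the current Cohesity session.
        $session = CohesityUserProfile
        $server = $session.ClusterUri
        $token = $session.Accesstoken.Accesstoken
    }

    Process {
        # The confirmation target must be the domain being removed. The original passed
        # an undefined $Name, so the High-impact prompt and -WhatIf output did not say
        # which domain join was about to be deleted.
        if ($PSCmdlet.ShouldProcess($DomainName)) {
            $url = $server + '/irisservices/api/v1/public/activeDirectory'
            $headers = @{'Authorization' = 'Bearer ' + $token}

            # Materialise the clear-text password only once the operation is confirmed,
            # so -WhatIf and declined prompts never create it.
            $UserName = $Credential.UserName
            $PlainPassword = $Credential.GetNetworkCredential().Password

            $payload = @{
                domainName                 = $DomainName
                # NOTE(review): $MachineAccounts is neither a parameter nor assigned in
                # this function, so this serialises as [null] (and throws under
                # Set-StrictMode). Left as-is because the API's expectation is not
                # visible here; confirm and either remove it or add a parameter.
                machineAccounts            = @($MachineAccounts)
                preferredDomainControllers = @(@{domainName = $DomainName})
                trustedDomainsEnabled      = $false
                userIdMapping              = @{ }
                userName                   = $UserName
                password                   = $PlainPassword
            }
            $payloadJson = $payload | ConvertTo-Json

            $resp = Invoke-RestApi -Method Delete -Uri $url -Headers $headers -Body $payloadJson
            if ($resp) {
                $message = "Active Directory : $DomainName deleted."
                CSLog -Message $message
                $resp
            }
            else {
                # NOTE(review): failure is reported on the output stream rather than as
                # an error, so callers cannot detect it with try/catch or $?.
                $message = "Active Directory : $DomainName could not be deleted"
                Write-Output $message
                CSLog -Message $message
            }
        }
    }

    End {
    }
}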