I'm trying to find a way to add and remove users from groups based on an AD attribute. As the attribute, in this case job code, changes so will their group memberships. Each job code has a certain number of standard group memberships to it. But it is common for our users to have additional group membership beyond what their job code suggests so I'm looking for a way to remove all except 2 groups from a user as they transition into and out of the jobs that are being managed with this script. This seems like it should be pretty simple and I actually have a script that does this written in Powershell but the cmdlet in that script don't seem to work when executed in an ARS script.
The cmdlet I use in the Powershell script, Get-ADPrincipalGroupMembership, will actually pull all a users groups into an array and from there you can cycle through the array using a foreach loop and remove the groups you want removed. However, when I run this script using an onPostModify function with the debug log turned on for all details, the array attritute never gets populated. So I'm wondering if there is a cmdlet in the ARS shell that is equivalent to Get-ADPrincipalGroupMembership or if there is a function/method that will enable me to pull a user's group memberships?
Thanks