When you try to remove a role group using Remove-RoleGroup cmdlet and you get an error “You don’t have sufficient permissions. This operation can only be performed by a manager of the group.” You have verified that you are member of Organization Management group and should have full permissions to all cmdlets. And you wonder why is the Remove-RoleGroup not working for you!

Well, let’s look at the the error. As it says”…This operation can only be performed by a manager of the group…”. Let’s look at the Role Group:

Get-RoleGroup “Role Group| fl ManagedBy
 
 
Managed By: {Domain/OU/User}

When you look at the output, you will notice that your admin user is not one of the managers of the role group. By default, Remove-RoleGroup will not allow you to remove the role group if you are not a manager of the group. If the group does not have any assigned managers, you will be able to remove the group without any issues.

So how do you remove a role group you are not a manger of and have sufficient permissions (are member of Organization Management group)?

You need to use “BypassSecurityGroupManagerCheck” switch:

Remove-RoleGroup “Role Group” –BypassSecurityGroupmanagerCheck –Confirm:$false

If you use BypassSecurityGroupManagerCheck switch, you must be a member of Organization Management role group or be assigned the Role Management role. Details on TechNet.

Neat isn’t it?