Removing MIM PAM role RRS feed

  • Question

  • Hi everyone,

    we're trying to remove PAM role via powershell:

    PS C:\> $role = Get-PAMRole -DisplayName "CORP2 DA"
    PS C:\> Remove-PAMRole -Role $role -Force
    Remove-PAMRole : PAM role CORP2 DA cannot be removed because there is not expired request for it.
    At line:1 char:1
    + Remove-PAMRole -Role $role -Force
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [Remove-PAMRole], InvalidOperationException
        + FullyQualifiedErrorId : GeneralServerError,Microsoft.IdentityManagement.AdminPamCmdlets.RemovePAMRoleCommand

    Has anyone encountered error like this one? 



    Wednesday, October 9, 2019 7:43 AM

All replies

  • There is, was a bug. I am not sure what version you have or the fix is, but there is a patch that fixes this. Apply latest one and should be ok.

    Nosh Mernacaj, Identity Management Specialist

    Wednesday, October 9, 2019 5:29 PM
  • Hi Nosh,


    I have re-applied the latest KB4489646 which, according to Microsoft Docs, replaces earlier MIM 2016 SP1 updates 4.4.1302.0 through build I get the same error when running Remove-PAMRole cmdlet. All other PAM cmdlets work as expected except this one. I can remove PAM role via MIM portal but that's not acceptable in my case.


    My bastion forest FFL=Windows2016, DFL=Windows2016 and MIM PAM runs on Windows Server 2016.


    Do you have any other ideas I could try prior to contacting Microsoft?


    Best regards,


    Thursday, October 10, 2019 7:29 AM
  • Sorry, you are right. your issue is different

    Nosh Mernacaj, Identity Management Specialist

    Thursday, October 10, 2019 2:24 PM
  • Did you find out anything about this one?

    I am seeing the same problem in our environment.

    Tuesday, October 15, 2019 11:01 AM
  • I thought the latest hotfix KB4512924 might solve the issue, but it didn't. I see the same error and cannot remove pam role via powershell.
    Friday, November 8, 2019 7:51 AM
  • Anyone aware if Microsoft are working on a fix for this? It can easily be reproduced with a fresh installation of MIMPAM SP2 ( on Windows Server 2016.


    Tom Houston, UK Identity Management Practice

    Wednesday, February 19, 2020 8:15 AM