none
Bulk remove users from all assigned AD groups RRS feed

  • Question

  • Morning all,

    Writing a script to remove all users ad groups in a leavers OU.

    Now,  while running this in -whatif it does not show what user its targeting.

    Does this look correct before i hit the big button?

    $users = Get-ADUser -Filter {Enabled -eq $false} -SearchBase "OU=Users,OU=Leavers,DC=***,DC=co,DC=uk"
    ForEach ($user in $users) {
        $groups = (Get-ADUser $user -Properties MemberOf | Select-Object MemberOf).MemberOf
    ForEach ($group in $groups) {
        Remove-ADGroupMember -Identity $group -Members $user -Confirm:$false -WhatIf
       }
    }

    • Moved by Bill_Stewart Thursday, December 13, 2018 3:31 PM This is not "test my code for me" forum
    Monday, September 24, 2018 8:35 AM

All replies

  • You should test your scripts with non productive data anyway!  ;-)

    Depending on the amount of groups you're talking about you might speed up your script a little when you use Remove-ADPrincipalGroupMembership instead of the loop and Remove-ADGroupMember. This cmdlet is able to remove multiple groups at once.


    Best regards,

    (79,108,97,102|%{[char]$_})-join''

    Monday, September 24, 2018 8:59 AM