Hi
I am looking for a PowerShell command to remove all AD group membership for one user except domain user.
I have found the below code, but it uses Quest cmdlets, which I'm not sure what they are.
Get-QADUser -samaccountName type-in-username-here | Remove-QADMemberOf -RemoveAll
For example: Get-QADUser -samaccountName SmithJ | Remove-QADMemberOf -RemoveAll
I want to amend the above code to remove all groups except domain users. I have looked and researched everywhere but cannot seem to find anything.
Hi,
These are the Quest AD module, right? I’ve not used them for a while so can’t remember if they have a ‘Filter’ parameter. But you can use a where clause. This is pseudocode, but something like this:
Get-QADUser -samaccountName * |
where {$_ -ne "Domain User"} |
Remove-QADMemberOf -RemoveAll
Assuming you want to use the ActiveDirectory commandlets instead of Quest.
Untested:
Get-ADUser "SamAccountName" -Properties MemberOf | Select -Expand MemberOf | %{Remove-ADGroupMember $_ -member "SamAccountName"}
Domain Users is not part of MemberOf.
Get-ADUser "SamAccountName" -Properties MemberOf | Select -Expand MemberOf | %{Remove-ADGroupMember $_ -member "SamAccountName"}
Where it says samaccountname do I need to substitute it for a user i.e.
Get-ADUser "j.bloggs" -Properties MemberOf | Select -Expand MemberOf | %{Remove-ADGroupMember $_ -member "j.bloggs"}
And how would I do it for multiple users based on a CSV file with one column containing a list of samaccountnames?
Thanks
Well, I’ve had to implement something similar. It's been quite a while since I’ve dealt with it, but here is a snippet of what I have.
Assuming you have a CSV file with just a single column, with a header of networkid, you could use the following:
# Read the list of accounts; the CSV needs a 'networkid' header
$users = Import-Csv input.csv
foreach ($user in $users)
{
    # Every group the account belongs to, including the primary group
    $adgroups = Get-ADPrincipalGroupMembership -Identity $user.networkid
    foreach ($singlegroup in $adgroups)
    {
        # Leave Domain Users alone, remove everything else without prompting
        if ($singlegroup.SamAccountName -notlike "*Domain Users*")
        {
            Remove-ADPrincipalGroupMembership -Identity $user.networkid -MemberOf $singlegroup.SamAccountName -Confirm:$false
        }
    }
}
Thanks David - I'll give that a go.
$user.networkid - what do you mean by the network id?
networkid just refers to the header of the CSV…
You can change that to whatever the header of your CSV is.
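
A more defensive take on the CSV loop posted above, as an added example that is not part of the original thread: it keeps each user's actual primary group by distinguished name instead of matching on the text "Domain Users", supports -WhatIf for a dry run, and writes every removal to a CSV so the change can be audited or reversed. The function name and the audit file path are hypothetical; the `networkid` header is the one assumed in the thread.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Assumptions: the CSV has a 'networkid' header (as in the thread);
# the function name and the audit log path are hypothetical.
function Remove-NonPrimaryGroupMembership {
    # ConfirmImpact High: prompts per removal unless -Confirm:$false or -WhatIf is given
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)][string]$CsvPath,
        [string]$AuditPath = '.\removed-memberships.csv'
    )
    foreach ($row in Import-Csv -Path $CsvPath) {
        $id = $row.networkid
        if ([string]::IsNullOrWhiteSpace($id)) { continue }   # skip blank rows
        try {
            # PrimaryGroup holds the DN of the account's primary group (normally Domain Users)
            $user = Get-ADUser -Identity $id -Properties PrimaryGroup -ErrorAction Stop
        } catch {
            Write-Warning "Skipping '$id': $($_.Exception.Message)"
            continue
        }
        # Exact DN comparison: a group merely named like "Domain Users" is not spared
        $groups = Get-ADPrincipalGroupMembership -Identity $user |
            Where-Object { $_.DistinguishedName -ne $user.PrimaryGroup }
        foreach ($group in $groups) {
            if (-not $PSCmdlet.ShouldProcess($id, "Remove from $($group.SamAccountName)")) { continue }
            try {
                Remove-ADPrincipalGroupMembership -Identity $user -MemberOf $group `
                    -Confirm:$false -ErrorAction Stop
                # Record what was removed so the membership can be restored later
                [pscustomobject]@{
                    Time    = (Get-Date).ToString('o')
                    User    = $id
                    Group   = $group.SamAccountName
                    GroupDN = $group.DistinguishedName
                } | Export-Csv -Path $AuditPath -Append -NoTypeInformation
            } catch {
                Write-Warning "Failed: $id / $($group.SamAccountName): $($_.Exception.Message)"
            }
        }
    }
}

# Dry run first: lists what would be removed without changing anything
Remove-NonPrimaryGroupMembership -CsvPath .\input.csv -WhatIf
```

Once the -WhatIf output looks right, rerun with `-Confirm:$false` in place of `-WhatIf` to apply the removals without a prompt for each group.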