Hi, I’m fairly new to powershell and I’m looking for help on a powershell script to remove all AD group membership from a computer. So anything under the Member of tab in AD for that computer. Please note I do not plan on using the dell quest cmdlets. Thanks for any help in advance.
There are probably many ways to do it but e.g.
# The computer you want to remove
$server = 'Server1'
# The computer DN
$computerDN = Get-ADComputer -Identity $server | select -expandproperty DistinguishedName
# The list of groups in the member of attribute
$groupDN = Get-ADComputer -Identity $server -Properties MemberOf| select -expandproperty MemberOf
# go through the list
foreach($g in $groupDN)
{
# If you want to suppress confirmation add -Confirm:$false to the line below
Remove-ADGroupMember -Identity "$g" -Member "$computerDN"
}
Disclaimer: works in my lab, so test it first before using.
Edit: You need the powershell RSAT tools for Active Directory installed to use the Get-ADComputer, Remove-ADgroupmember
Edit2: Forgot to mention that the above will not remove the group that is set as the Primary AD group for the computer, usually this is “Domain Computers”
This works great. Thank you for the quick reply.