Change Domain first

Welcome Forums General PowerShell Q&A Change Domain first

This topic contains 4 replies, has 3 voices, and was last updated by

10 months, 3 weeks ago.

  • Author
  • #103373

    Topics: 1
    Replies: 2
    Points: 0
    Rank: Member

    I'm trying to clear members of an AD Group and have the working command:
    Get-ADGroupMember "RemoveUpdateTimer" | ForEach-Object {Remove-ADGroupMember "RemoveUpdateTimer" $_ -Confirm:$false}

    The AD Group (RemoveUpdateTimer) and user computers are on 'Domain A' and it works locally
    The server that i want to create a scheduled task to run the command daily is on 'Domain B'

    When running the command on the server manually, it says it cannot find the AD Group 'RemoveUpdateTimer' on Domain B

    How can I modify the Powershell command above, to have it look under Domain A, instead of Domain B?

  • #103393

    Topics: 13
    Replies: 4872
    Points: 1,811
    Helping HandTeam Member
    Rank: Community Hero

    The AD commands cue off the drive you're currently connected to. When you load the module it maps an AD: drive to the domain the computer is a member of, but you can map additions ones (New-PSDrive). Change to the drive that represents a different domain, and the AD commands operate against that domain instead.

    This'll be hard to do in a scheduled task, I imagine, as you'll have to make sure this isn't running under the computer's account, unless the computer's account somehow has Domain Admin permissions in Domain B.

  • #103403

    Topics: 0
    Replies: 199
    Points: 2
    Rank: Member

    You can add parameters to the AD commands to specify the domain, or a domain controller to use.

    Get-ADGroupMember -server ...

    Remove-ADGroupMember -server ...

    You'll also need to pass credentials if the scheduled job is not running as an admin in that domain.

    • #103406

      Topics: 1
      Replies: 2
      Points: 0
      Rank: Member

      Thanks, I believe that is closer to a resolution.

      The purpose of my command is to remove the members from the AD Group RemoverUpdateTimer. Adding the -server no longer shows an error but also leaves me with nothing to troubleshoot,

      Testing from the server domain 'Domain B' – no errors, members not removed from AD Group
      Testing from the user domain 'Domain A' – no errors, members are removed from the AD Group

      How would you add a log output of the command for further troubleshooting..or how would you proceed?

    • #103432

      Topics: 1
      Replies: 2
      Points: 0
      Rank: Member


      Get-ADGroupMember -identity "RemoveUpdateTimer" -Recursive -Server "DomainB"|ForEach-Object {Remove-ADGroupMember -server "DomainB" "RemoveUpdateTimer" $_ -Confirm:$false}

The topic ‘Change Domain first’ is closed to new replies.

denizli escort samsun escort muğla escort ataşehir escort kuşadası escort