Change Domain first

This topic contains 4 replies, has 3 voices, and was last updated by  Dan D 3 weeks, 1 day ago.

  • #103373

    Dan D
    Participant

    Hi
    I'm trying to clear members of an AD Group and have the working command:
    Get-ADGroupMember "RemoveUpdateTimer" | ForEach-Object {Remove-ADGroupMember "RemoveUpdateTimer" $_ -Confirm:$false}

    The AD Group (RemoveUpdateTimer) and user computers are on 'Domain A' and it works locally
    The server that I want to create a scheduled task to run the command daily is on 'Domain B'

    When running the command on the server manually, it says it cannot find the AD Group 'RemoveUpdateTimer' on Domain B

    Question:
    How can I modify the PowerShell command above, to have it look under Domain A, instead of Domain B?

  • #103393

    Don Jones
    Keymaster

    The AD commands cue off the drive you're currently connected to. When you load the module it maps an AD: drive to the domain the computer is a member of, but you can map additional ones (New-PSDrive). Change to the drive that represents a different domain, and the AD commands operate against that domain instead.

    This'll be hard to do in a scheduled task, I imagine, as you'll have to make sure this isn't running under the computer's account, unless the computer's account somehow has Domain Admin permissions in Domain B.

  • #103403

    Ron
    Participant

    You can add parameters to the AD commands to specify the domain, or a domain controller to use.

    Get-ADGroupMember -server domain.com ...

    Remove-ADGroupMember -server dc1.domain.com ...

    You'll also need to pass credentials if the scheduled job is not running as an admin in that domain.

    • #103406

      Dan D
      Participant

      Thanks, I believe that is closer to a resolution.

      The purpose of my command is to remove the members from the AD Group RemoveUpdateTimer. Adding the -server no longer shows an error but also leaves me with nothing to troubleshoot.

      Testing from the server domain 'Domain B' – no errors, members not removed from AD Group
      Testing from the user domain 'Domain A' – no errors, members are removed from the AD Group

      How would you add a log output of the command for further troubleshooting, or how would you proceed?

    • #103432

      Dan D
      Participant

      Success:

      Get-ADGroupMember -identity "RemoveUpdateTimer" -Recursive -Server "DomainB"|ForEach-Object {Remove-ADGroupMember -server "DomainB" "RemoveUpdateTimer" $_ -Confirm:$false}
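
An added example, not part of the original thread: one way to run the cleanup from a server in another domain with explicit -Server and -Credential, writing a log and re-checking the group afterwards so a silent no-op becomes visible. The domain name, file paths and credential file are placeholders.

```powershell
# Added example; the domain name, paths and credential file are placeholders.
Import-Module ActiveDirectory

$Group   = 'RemoveUpdateTimer'
$Server  = 'domainA.example'                      # placeholder: DNS name of Domain A or one of its DCs
$LogFile = 'C:\Logs\Clear-RemoveUpdateTimer.log'  # placeholder path
$CredXml = 'C:\Secure\domainA-groupadmin.xml'     # placeholder; created once with Get-Credential | Export-Clixml

function Write-Log([string]$Message) {
    $line = '{0} {1}' -f (Get-Date -Format 's'), $Message
    Add-Content -Path $LogFile -Value $line
}

try {
    # Export-Clixml protects the password with DPAPI, so the file only decrypts
    # for the same user on the same machine: create it as the task's run-as account.
    $cred = Import-Clixml -Path $CredXml
    $ad   = @{ Server = $Server; Credential = $cred; ErrorAction = 'Stop' }

    # Direct members only; nested members cannot be removed from the parent group.
    $members = @(Get-ADGroupMember -Identity $Group @ad)
    Write-Log "Found $($members.Count) direct member(s) of $Group on $Server"

    foreach ($m in $members) {
        try {
            Remove-ADGroupMember -Identity $Group -Members $m -Confirm:$false @ad
            Write-Log "Removed $($m.SamAccountName)"
        } catch {
            Write-Log "FAILED $($m.SamAccountName): $($_.Exception.Message)"
        }
    }

    # Re-query so the log shows the result, not just the absence of errors.
    $left = @(Get-ADGroupMember -Identity $Group @ad).Count
    Write-Log "Remaining direct members: $left"
    if ($left -gt 0) { exit 1 }
} catch {
    Write-Log "ERROR: $($_.Exception.Message)"
    exit 2
}
```

The account stored in the credential file only needs delegated rights to modify this one group's membership. The non-zero exit codes show up as the scheduled task's last run result.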
