Get-ADPrincipalGroupMembership question

This topic contains 2 replies, has 2 voices, and was last updated by  Wayne Peloquin 2 years, 6 months ago.

  • Author
    Posts
  • #24992

    Wayne Peloquin
    Participant

    Hello all,

    First thanks for taking the time to read this.

    I would like to modify this script to remove all of an AD users group memberships but exclude deleting 2 groups 1st named "Archive" and 2nd named "domain Users".

    Is this possible?

    Get-ADPrincipalGroupMembership -Identity $User | % {Remove-ADPrincipalGroupMembership -Identity $User -MemberOf $_ -Confirm:$False}

    thanks,
    Wayne

  • #24993

    Rob Simmers
    Participant

    Yup:

    Get-ADPrincipalGroupMembership -Identity $User |  Where{$_.Name -ne "Archive" -or $_.Name -ne "Domain Users"} | foreach {Remove-ADPrincipalGroupMembership -Identity $User -MemberOf $_ -Confirm:$False -WhatIf}
    

    Added a -WhatIf to Remove-ADPrincipalGroupMembership to make sure you are actually deleting what you expect.

  • #24994

    Wayne Peloquin
    Participant

    Thanks Rob! I tested this this morning and it seems to not like the -or so I tried an -and

    that seemed to work

    You made my life a whole lot easier. thank you!

You must be logged in to reply to this topic.