Author Posts

May 6, 2015 at 12:07 pm

Hello all,

First thanks for taking the time to read this.

I would like to modify this script to remove all of an AD users group memberships but exclude deleting 2 groups 1st named "Archive" and 2nd named "domain Users".

Is this possible?

Get-ADPrincipalGroupMembership -Identity $User | % {Remove-ADPrincipalGroupMembership -Identity $User -MemberOf $_ -Confirm:$False}

thanks,
Wayne

May 6, 2015 at 12:36 pm

Yup:

Get-ADPrincipalGroupMembership -Identity $User |  Where{$_.Name -ne "Archive" -or $_.Name -ne "Domain Users"} | foreach {Remove-ADPrincipalGroupMembership -Identity $User -MemberOf $_ -Confirm:$False -WhatIf}

Added a -WhatIf to Remove-ADPrincipalGroupMembership to make sure you are actually deleting what you expect.

May 6, 2015 at 1:18 pm

Thanks Rob! I tested this this morning and it seems to not like the -or so I tried an -and

that seemed to work

You made my life a whole lot easier. thank you!