remove all ad group membership for one user except domain user

This topic contains 2 replies, has 3 voices, and was last updated by Profile photo of Ron Ron 3 weeks, 5 days ago.

  • Author
    Posts
  • #67341
    Profile photo of Siddra
    Siddra
    Participant

    Hi

    I am looking for a powershell command to remove all ad group membership for one user except domain user

    I have found the below code but it used quest cmdlets which im not sure what they are.

    Get-QADUser -samaccountName *type-in-username-here* | Remove-QADMemberOf -RemoveAll
    For example: Get-QADUser -samaccountName SmithJ | Remove-QADMemberOf -RemoveAll

    I want to amend the above code to remove all groups except domain users. I have look and researched everywhere but cannot seem to find anything.

  • #67342
    Profile photo of Graham Beer
    Graham Beer
    Participant

    Hi,

    These are the quest AD module right ? I've not used them for a while so can't remember if they have a 'Filter' Parameter. But you can use a where clause. This is pseudocode, but something like this:

    Get-QADUser -samaccountName * | 
        where {$_ -ne "Domain User"} | 
        Remove-QADMemberOf -RemoveAll
    
  • #67375
    Profile photo of Ron
    Ron
    Participant

    Assuming you want to use the ActiveDirectory commandlets instead of Quest.

    Untested:

    Get-ADUser "SamAccountName" -Properties MemberOf | Select -Expand MemberOf | %{Remove-ADGroupMember $_ -member "SamAccountName"}

    Domain Users is not part of MemberOf.

You must be logged in to reply to this topic.