remove all AD group membership from a computer

This topic contains 2 replies, has 2 voices, and was last updated by  Tony 1 year, 9 months ago.

  • Author
  • #53162


    Hi, I'm fairly new to powershell and I'm looking for help on a powershell script to remove all AD group membership from a computer. So anything under the Member of tab in AD for that computer. Please note I do not plan on using the dell quest cmdlets. Thanks for any help in advance.

  • #53172

    Fredrik Kacsmarck

    There are probably many ways to do it but e.g.

    # The computer you want to remove
    $server = 'Server1'
    # The computer DN
    $computerDN = Get-ADComputer -Identity $server | select -expandproperty DistinguishedName
    # The list of groups in the member of attribute
    $groupDN = Get-ADComputer -Identity $server -Properties MemberOf| select -expandproperty MemberOf
    # go through the list
    foreach($g in $groupDN)
      # If you want to suppress confirmation add -Confirm:$false to the line below
      Remove-ADGroupMember -Identity "$g" -Member "$computerDN"

    Disclaimer: works in my lab, so test it first before using.
    Edit: You need the powershell RSAT tools for Active Directory installed to use the Get-ADComputer, Remove-ADgroupmember
    Edit2: Forgot to mention that the above will not remove the group that is set as the Primary AD group for the computer, usually this is "Domain Computers"

  • #53200


    This works great. Thank you for the quick reply.

You must be logged in to reply to this topic.