remove all AD group membership from a computer

Welcome Forums General PowerShell Q&A remove all AD group membership from a computer

This topic contains 2 replies, has 2 voices, and was last updated by

 
Participant
2 years, 3 months ago.

  • Author
    Posts
  • #53162

    Participant
    Points: 0
    Rank: Member

    Hi, I'm fairly new to powershell and I'm looking for help on a powershell script to remove all AD group membership from a computer. So anything under the Member of tab in AD for that computer. Please note I do not plan on using the dell quest cmdlets. Thanks for any help in advance.

  • #53172

    Participant
    Points: 190
    Helping Hand
    Rank: Participant

    There are probably many ways to do it but e.g.

    # The computer you want to remove
    $server = 'Server1'
    
    # The computer DN
    $computerDN = Get-ADComputer -Identity $server | select -expandproperty DistinguishedName
    
    # The list of groups in the member of attribute
    $groupDN = Get-ADComputer -Identity $server -Properties MemberOf| select -expandproperty MemberOf
    
    # go through the list
    foreach($g in $groupDN)
      {
      # If you want to suppress confirmation add -Confirm:$false to the line below
      Remove-ADGroupMember -Identity "$g" -Member "$computerDN"
      }
    

    Disclaimer: works in my lab, so test it first before using.
    Edit: You need the powershell RSAT tools for Active Directory installed to use the Get-ADComputer, Remove-ADgroupmember
    Edit2: Forgot to mention that the above will not remove the group that is set as the Primary AD group for the computer, usually this is "Domain Computers"

  • #53200

    Participant
    Points: 0
    Rank: Member

    This works great. Thank you for the quick reply.

The topic ‘remove all AD group membership from a computer’ is closed to new replies.