Author Posts

January 1, 2012 at 12:00 am

by pumabaer at 2013-04-30 14:29:25

Is there nobody here who can help me to solve my Question ?
Hello,
First, sorry about my bad English, I will work on it.
Q: I wan´t to remove all Members of a OU from all Groups they are Member of.
I tried this:
$User = Get-ADUser -Filter * -Searchbase "OU=test,OU=testtest,OU=test,DC=test,DC=test"
Get-ADPrincipalGroupMembership $User| % {Remove-ADPrincipalGroupMembership $User -Confirm:0 -MemberOf $_}

and some other things.
Can anybody help me to find out what is wrong.

Thanks so much
Stefan

by MasterOfTheHat at 2013-05-01 08:49:15

Assuming there is more than one user in your search base, the $User variable is going to be an array of users and not a single user. You need to pass a single user as the -Identity parameter of the Get-ADPrincipalGroupMembership, though. You'll need to loop through all of the users in $Users and run the Get-ADPrincipalGroupMembership cmdlet for each.

I haven't tested this, but try something like:
$Users = Get-ADUser -Filter * -Searchbase "OU=test,OU=testtest,OU=test,DC=test,DC=test"

foreach ($user in $Users) {
$groups = Get-ADPrincipalGroupMembership $user
foreach ($group in $groups) {
Remove-ADPrincipalGroupMembership $user -Confirm:0 -MemberOf $group
}
}

by pumabaer at 2013-05-01 11:36:07

Hello ... and Thanks so much,

your Answer solved my Problem/Question.

Beste Gruesse
Stefan