

Removing Disabled Users from Groups

Question

Friday, October 12, 2018 12:08 AM

Looking for a PowerShell script that will remove ALL disabled users from any groups (Distribution and Security) in a particular OU.

Any help would be appreciated....

Brian Modlin

All replies (6)

Friday, October 12, 2018 12:17 AM

Look in Gallery for scripts:

Please carefully review the following links to set your expectation for posting in technical forums.

This Forum is for Scripting Questions Rather than script requests

\(ツ)_/


Friday, October 12, 2018 2:18 AM

Hi BMOD,

Thanks for your question.

You can use "Get-ADuser" and "Remove-ADuser" cmdlets to get it. 

/en-us/powershell/module/activedirectory/get-aduser?view=winserver2012-ps

/en-us/powershell/module/activedirectory/remove-aduser?view=winserver2012-ps

Get-ADUser -Filter * -SearchBase "OU=OUName,DC=name,DC=name"  | Where-Object {$_.Enabled -eq $false} | Remove-Aduser 

Best Regards,

Lee

Just do it.


Friday, October 12, 2018 10:26 AM

Hi BMOD,

Thanks for your question.

You can use "Get-ADuser" and "Remove-ADuser" cmdlets to get it. 

/en-us/powershell/module/activedirectory/get-aduser?view=winserver2012-ps

/en-us/powershell/module/activedirectory/remove-aduser?view=winserver2012-ps

Get-ADUser -Filter * -SearchBase "OU=OUName,DC=name,DC=name"  | Where-Object {$_.Enabled -eq $false} | Remove-Aduser 

Best Regards,

Lee

Just do it

Think again, please, before you give nonsense advice.

OP didn't want to remove the account. He wants to remove the account from the AD group (security or distribution). Just cleaning up AD, without deleting objects.

You could also use filter parameters to query disabled accounts in the filter (get-aduser -filter {enabled -eq $false}).


Friday, October 12, 2018 11:03 AM

Might be buggy or won't work at all... I didn't test it, but I'm pretty sure that remove-adgroupmember is the right cmdlet. It just came from my mind (not having access to any DC right now). Still, should be harmless because of the -whatif parameter.

get-aduser -filter {enabled -eq $false} -searchbase "yourOU" -Properties memberof |%{$groups = $_.memberof; foreach ($group in $groups){remove-adgroupmember $group -members $_.name -whatif}}

AND.. UTFG (many topics under search criteria "remove disabled users from groups powershell")


Friday, October 12, 2018 11:17 AM

If you are going to be critical then you first need to learn to correctly format code.  We also like to use commands and not aliases in examples.

Here is the correct method and it is tested.

Get-AdUser -filter {enabled -eq $false} -searchbase 'yourOU' -Properties memberof |
    ForEach-Object{
        $user = $_
        $_.memberof | 
            ForEach-Object{ Remove-AdGroupMember $_ -members $user -whatif }
    }

Notice that this is readable and understandable.  No need to try to pick out code buried in a long run-on single line.

Placing all code on a single line by catenating with ";" does not count as a one-liner. My code, as posted, is a one-liner correctly formatted.

A one-liner is also formally known as a "pipeline".

See: PowerShell Style Guidelines

\(ツ)_/
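
An added example, not part of any post in this thread: a script form of the memberOf approach above that also records every membership it touches in a CSV, so removals can be reviewed or reversed later. The parameter names, the CSV path and the example OU value are assumptions; the script honours -WhatIf and -Confirm.

```powershell
# Added example, not code from the thread. Requires the ActiveDirectory module (RSAT).
# Parameter names and the default CSV path are assumptions made for this example.
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    [Parameter(Mandatory = $true)]
    [string]$SearchBase,     # distinguished name of the OU, e.g. 'OU=OUName,DC=name,DC=name'
    [string]$AuditPath = '.\disabled-user-group-removals.csv'
)

Import-Module ActiveDirectory -ErrorAction Stop

# memberOf lists the DNs of security and distribution groups alike.
# It does not contain the primary group (usually Domain Users), so that
# membership is never touched by this script.
$users = Get-ADUser -Filter 'Enabled -eq $false' -SearchBase $SearchBase -Properties MemberOf

$results = @(foreach ($user in $users) {
    foreach ($groupDn in $user.MemberOf) {
        $status = 'Skipped'    # stays 'Skipped' under -WhatIf or a declined prompt
        if ($PSCmdlet.ShouldProcess($groupDn, "Remove member $($user.SamAccountName)")) {
            try {
                Remove-ADGroupMember -Identity $groupDn -Members $user -Confirm:$false -ErrorAction Stop
                $status = 'Removed'
            }
            catch {
                # e.g. a group in another domain, or insufficient rights on the group
                $status = "Failed: $($_.Exception.Message)"
            }
        }
        # One audit row per membership, written whether or not it was removed
        [pscustomobject]@{
            Timestamp = (Get-Date).ToString('o')
            User      = $user.SamAccountName
            UserDn    = $user.DistinguishedName
            GroupDn   = $groupDn
            Status    = $status
        }
    }
})

# Write the audit file even in a -WhatIf run, so the dry run can be reviewed
$results | Export-Csv -Path $AuditPath -NoTypeInformation -WhatIf:$false -Confirm:$false
$results | Group-Object -Property Status | Select-Object -Property Name, Count
```

The CSV rows with Status 'Removed' give the user and group DNs needed to restore a membership with Add-ADGroupMember if an account is re-enabled.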


Friday, October 12, 2018 11:31 AM

If you are going to be critical then you first need to learn to correctly format code.  We also like to use commands and not aliases in examples.

Here is the correct method and it is tested.

Get-AdUser -filter {enabled -eq $false} -searchbase 'yourOU' -Properties memberof |
    ForEach-Object{
        $user = $_
        $_.memberof | 
            ForEach-Object{ Remove-AdGroupMember $_ -members $user -whatif }
    }

Notice that this is readable and understandable.  No need to try to pick out code buried in a long run-on single line.

Placing all code on a single line by catenating with ";" does not count as a one-liner. My code, as posted, is a one-liner correctly formatted.

A one-liner is also formally known as a "pipeline".

See: PowerShell Style Guidelines

\(ツ)_/

I apologize. I just had red eyes, because lately I see LeeSeenLi's answers completely misunderstanding the OP's request. ...