Question
Wednesday, January 3, 2018 8:30 PM
I have users in domain.A who are a member of multiple groups in domain.B
I would like to remove these users from those groups, however I want to target the groups that are in domain.B which are within a specific OU only.
Any ideas or should I be looking at this flipped around, where I target the groups in the OU and remove the users that are a member of domain.A?
Remove-ADGroupMember doesn't seem to work here.
Also I have the list of users, or groups, in a CSV which I could import if that helps.
All replies (5)
Thursday, January 4, 2018 6:17 AM ✅Answered | 1 vote
Hi,
Based on my research, I'd like to explain that we may need to first get the users from domain A on domain B, then use the Remove-ADGroupMember cmdlet to remove them. Also, we can use the Get-ADGroup cmdlet with the -SearchBase parameter to target groups in a specific OU. The following demo script is for your reference; I hope it is helpful to you:
# Run this on domain B
$domainAuser = Get-ADUser -Identity domainAuser -Server dc.domainA.com
Get-ADGroup -Filter * -SearchBase 'OU=yourOU,DC=domainB,DC=com' |
    Remove-ADGroupMember -Members $domainAuser -Confirm:$false
If you need further help, please feel free to let us know.
Best Regards,
Albert
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected]
Wednesday, January 3, 2018 8:59 PM
The CmdLet requires a full trust and your account must be an admin in all domains. You also need to use the Distinguished name of the users and groups.
¯\_(ツ)_/¯
Wednesday, January 3, 2018 9:12 PM
Which cmdlet, Remove-ADGroupMember?
Both domains are in the same forest with transitive trusts, and the account used is an admin in both domains.
I'll try the DN.
Thursday, January 4, 2018 1:24 PM
So let's say I have a CSV file with a list of sAMAccount names... how would I incorporate that into this?
Import-Csv C:\test.csv
ForEach-Object{
    $name = $_.Name
    $domainAuser = Get-ADUser -Identity $_.Name -Server dc.domainA.com
    Get-ADGroup -Filter * -SearchBase 'OU=Path,OU=Path...' |
        Remove-ADGroupMember -Members $domainAuser -Confirm:$false
}
I know this doesn't work, but is it possible?
Friday, January 5, 2018 4:33 AM
Hi,
Based on my research, this issue is probably caused by missing a pipeline behind Import-Csv. Please have a try with the following script and see if it works:
Import-Csv -Path C:\test.csv | ForEach-Object {
    $domainAuser = Get-ADUser -Identity $_.Name -Server dc.domainA.com
    Get-ADGroup -Filter * -SearchBase 'OU=Path,OU=Path...' |
        Remove-ADGroupMember -Members $domainAuser -Confirm:$false
}
If you need further help, please feel free to let us know.
Best Regards,
Albert
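An added example, not written by any poster in this thread: the same CSV-driven removal, limited to groups in the OU where the user is a direct member, with `-WhatIf` support and an audit CSV of each change. The function name, `dc.domainB.com`, and the audit path are assumptions; the other defaults are the placeholder values used in the thread.

```powershell
Import-Module ActiveDirectory

function Remove-ForeignUserFromOuGroups {   # hypothetical name, not a built-in cmdlet
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$CsvPath     = 'C:\test.csv',                 # CSV with a Name column, as in the thread
        [string]$UserServer  = 'dc.domainA.com',              # DC for the users' domain
        [string]$GroupServer = 'dc.domainB.com',              # assumed DC name for the groups' domain
        [string]$SearchBase  = 'OU=yourOU,DC=domainB,DC=com', # OU that holds the target groups
        [string]$AuditPath   = 'C:\removed-memberships.csv'   # assumed output path
    )

    $audit = foreach ($row in Import-Csv -Path $CsvPath) {
        try {
            $user = Get-ADUser -Identity $row.Name -Server $UserServer -ErrorAction Stop
        } catch {
            Write-Warning "Skipping '$($row.Name)': $($_.Exception.Message)"
            continue
        }

        # Escape the DN for use inside an LDAP filter (RFC 4515); backslash first.
        $dn = $user.DistinguishedName -replace '\\', '\5c' -replace '\*', '\2a' `
                                      -replace '\(', '\28' -replace '\)', '\29'

        # Only groups under the OU that list this user in their member attribute.
        $groups = Get-ADGroup -LDAPFilter "(member=$dn)" -SearchBase $SearchBase -Server $GroupServer

        foreach ($group in $groups) {
            if (-not $PSCmdlet.ShouldProcess($group.DistinguishedName, "Remove $($user.SamAccountName)")) { continue }
            $result = 'Removed'
            try {
                Remove-ADGroupMember -Identity $group -Members $user -Server $GroupServer `
                                     -Confirm:$false -ErrorAction Stop
            } catch {
                $result = "Failed: $($_.Exception.Message)"
            }
            # One audit row per attempted change, so access can be reviewed or restored.
            [pscustomobject]@{
                Time   = (Get-Date).ToString('o')
                User   = $user.DistinguishedName
                Group  = $group.DistinguishedName
                Result = $result
            }
        }
    }

    if ($audit) { $audit | Export-Csv -Path $AuditPath -NoTypeInformation }
}
```

Calling the function with `-WhatIf` lists the memberships that would be removed without changing anything. The `(member=...)` filter matches direct membership only, so memberships inherited through nested groups are not touched.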