-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy pathRemove-GroupfromUser.ps1
More file actions
30 lines (23 loc) · 1.17 KB
/
Remove-GroupfromUser.ps1
File metadata and controls
30 lines (23 loc) · 1.17 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
########################################################
Import-Module ActiveDirectory
$list=Import-Csv c:\testing\disabledusers.txt
forEach ($item in $list) {
$user = Get-ADUser $item.'SamAccountName'
$user | Disable-ADAccount
}
$TargetOU = "OU=ot,OU=disabled users,DC=otcorp,DC=opentable,DC=com"
Import-Csv -Path C:\testing\disabledusers.txt | ForEach-Object {
$UserDN = (Get-ADUser -Identity $_.Name).distinguishedName
Move-ADObject -Identity $UserDN -TargetPath $TargetOU
}
$searchOU = "OU=ot,OU=disabled users,DC=otcorp,DC=opentable,DC=com"
$adgroup = Get-ADGroup -Filter 'GroupCategory -eq "Security" -or GroupCategory -eq "Distribution"' -SearchBase $searchOU
$adgroup | ForEach-Object{ $group = $_
Get-ADGroupMember -Identity $group -Recursive | ForEach-Object{Get-ADUser -Identity $_.distinguishedName -Properties Enabled | Where-Object{$_.Enabled -eq $false}} | ForEach-Object{ $user = $_
$uname = $user.Name
$gname = $group.Name
Write-Host "Removing $uname from $gname" -Foreground Yellow
Remove-ADGroupMember -Identity $group -Member $user -Confirm:$false
}
}
#######################################################