header image

Remove all members from a group

Posted by: | February 27, 2012 | No Comment |

Do you need to remove all members from a group

$ou = "OU=BlogTests,DC=Manticore,DC=org"            
$group = "GroupUnvlSecA"            
Get-ADGroupMember -Identity $group |            
Remove-ADPrincipalGroupMembership -MemberOf $group -Confirm:$false            
"`nAD provider"            
$group = "GroupUnvlSecB"            
$ou = "OU=TestGroups,DC=Manticore,DC=org"            
$members = @()            
Set-ItemProperty -Path ad:\"cn=$group,$ou" -Name member -Value $members -Force            
$group = "GroupUnvlSecC"            
Get-QADGroupMember -Identity $group |             
Remove-QADGroupMember -Identity $group            
$group = "GroupUnvlSecD"            
$ge = [adsi]"LDAP://cn=$group,$ou"            
$ge.member |            
foreach {            

The Microsoft cmdlet and provider will moan about insufficient privileges if you get the syntax wrong

For the Microsoft cmdlet we can pipe the group membership into Remove-ADPrincipalGroupMembership. Notice the use of –Confirm.  if you don’t use that you will be asked to confirm every deletion.

The Quest cmdlet is a simple get | remove operation

The provider treats the members as an array so we can use an empty array to overwrite the memebrship

The script iterates through the members and uses the Remove() method to delete members

under: PowerShell and Active Directory