
Removing a user from a group

Posted: March 11, 2012

Adding and removing users from groups is a standard administrative task for AD.

## remove users from groups
# The Microsoft cmdlets and the AD: drive need the ActiveDirectory module
Import-Module ActiveDirectory
# The Quest cmdlets need the Quest ActiveRoles snap-in
Add-PSSnapin Quest.ActiveRoles.ADManagement

# OU that holds the test users
$ou = "OU=BlogTests,DC=Manticore,DC=org"

"`nMicrosoft"
$name = "UserA"
Get-ADUser -Identity $name |
Remove-ADPrincipalGroupMembership -MemberOf GroupGblSecA -Confirm:$false

"`nAD provider"
$name = "UserB"
# Read the group's member attribute, drop the user's DN, write the list back
$grpmem = Get-ItemProperty ad:\"CN=GroupGblSecA,OU=TestGroups,DC=Manticore,DC=org" -Name member
$members = @($grpmem.member)
$members = $members -ne "cn=$name,$ou"
Set-ItemProperty ad:\"CN=GroupGblSecA,OU=TestGroups,DC=Manticore,DC=org" -Name member -Value $members

"`nQuest"
$name = "UserC"
Get-QADUser -Identity $name |
Remove-QADGroupMember -Identity GroupGblSecA

"`nScript"
# Bind to the group with ADSI and remove the user by ADsPath
$group = [adsi]"LDAP://CN=GroupGblSecA,OU=TestGroups,DC=Manticore,DC=org"
$name = "UserD"
$group.Remove("LDAP://cn=$name,$ou")

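In all cases it boils down to the same steps: get the user, get the group, and tell AD to remove the user from the group. The key is that the activity has to occur at the group, because membership is stored in the group's member attribute and the user's memberOf is only a back-link to it. You can't do this from the user side.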
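The group-side rule above, as an added example that is not part of the original post: a wrapper around the Microsoft cmdlets that checks the group's member attribute before the change and re-reads it afterwards. The function name is hypothetical and the ActiveDirectory module is assumed; it also covers the primary-group case, which lives in the user's primaryGroupID and cannot be removed at the group.

```powershell
# Added example, not code from the original post.
# Assumes the ActiveDirectory module (RSAT) is installed.
Import-Module ActiveDirectory

function Remove-UserFromGroupVerified {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$User,    # sAMAccountName or DN
        [Parameter(Mandatory = $true)][string]$Group    # group name or DN
    )

    $u = Get-ADUser  -Identity $User  -Properties primaryGroupID
    $g = Get-ADGroup -Identity $Group -Properties member

    # The primary group is held in the user's primaryGroupID (a RID), not in
    # the group's member attribute, so a group-side removal cannot change it.
    $groupRid = [int]($g.SID.Value.Split('-')[-1])
    if ($u.primaryGroupID -eq $groupRid) {
        Write-Warning "$($g.Name) is the primary group of $($u.SamAccountName); set another primary group first."
        return
    }

    # Direct membership only: look for the user's DN in the member attribute.
    if ($g.member -notcontains $u.DistinguishedName) {
        Write-Verbose "$($u.SamAccountName) is not a direct member of $($g.Name); nothing to do."
        return
    }

    if ($PSCmdlet.ShouldProcess($g.DistinguishedName, "Remove member $($u.DistinguishedName)")) {
        Remove-ADGroupMember -Identity $g -Members $u -Confirm:$false

        # Re-read the group and report whether the DN is really gone.
        $after = Get-ADGroup -Identity $g.DistinguishedName -Properties member
        [pscustomobject]@{
            User    = $u.SamAccountName
            Group   = $g.Name
            Removed = ($after.member -notcontains $u.DistinguishedName)
            When    = Get-Date
        }
    }
}

# Dry run first, then the real change (names taken from the post's examples):
# Remove-UserFromGroupVerified -User UserA -Group GroupGblSecA -WhatIf
# Remove-UserFromGroupVerified -User UserA -Group GroupGblSecA -Verbose
```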
