Removing a user from a group

Adding and removing users from groups is a standard administrative task for AD.

## remove users from groups
$ou = "OU=BlogTests,DC=Manticore,DC=org"
# Microsoft AD cmdlets: pipe the user in, name the group to leave
$name = "UserA"
Get-ADUser -Identity $name -Properties * |
Remove-ADPrincipalGroupMembership -MemberOf GroupGblSecA -Confirm:$false
"`nAD provider"
# AD provider: read the group's member list, drop the user's DN, write the list back
$name = "UserB"
$grpmem = Get-ItemProperty ad:\"CN=GroupGblSecA,OU=TestGroups,DC=Manticore,DC=org" -Name member
$members = @($grpmem.member)
$members = $members -ne "cn=$name,$ou"
Set-ItemProperty ad:\"CN=GroupGblSecA,OU=TestGroups,DC=Manticore,DC=org" -Name member -Value $members
# Quest AD cmdlets
$name = "UserC"
Get-QADUser -Identity $name |
Remove-QADGroupMember -Identity GroupGblSecA
# ADSI: bind to the group and remove the member by its ADsPath (IADsGroup.Remove)
$group = [adsi]"LDAP://CN=GroupGblSecA,OU=TestGroups,DC=Manticore,DC=org"
$name = "UserD"
$group.Remove("LDAP://CN=$name,$ou")

In all cases it boils down to the same steps: get the user, get the group, and tell AD to remove the user from the group. The key is that the activity has to occur at the group. You can't do this from the user side.
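
The same group-side removal with a check afterwards, as an added example that is not code from the original post: it edits the group's member attribute with the Microsoft AD module, then confirms the user is no longer a direct member and reports whether membership still holds through nested groups. The function name Remove-GroupMemberVerified is hypothetical; UserA and GroupGblSecA in the usage comment are the post's test objects.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not from the original post. The function name is hypothetical.
function Remove-GroupMemberVerified {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$User,
        [Parameter(Mandatory = $true)][string]$Group
    )
    $u  = Get-ADUser  -Identity $User
    $g  = Get-ADGroup -Identity $Group -Properties member
    $dn = $u.DistinguishedName

    # The write goes to the group's member attribute, never to the user object.
    $wasDirect = $g.member -contains $dn
    if ($wasDirect -and $PSCmdlet.ShouldProcess($g.DistinguishedName, "Remove member $dn")) {
        Set-ADGroup -Identity $g -Remove @{ member = $dn }
    }

    # Re-read the group to confirm the direct membership is gone.
    $after       = Get-ADGroup -Identity $g.DistinguishedName -Properties member
    $stillDirect = $after.member -contains $dn

    # Escape LDAP filter metacharacters in the DNs (RFC 4515), backslash first.
    $esc = { param($s) $s.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29') }

    # LDAP_MATCHING_RULE_IN_CHAIN (OID 1.2.840.113556.1.4.1941) walks nested groups,
    # so this is true when the user is still a member directly or through nesting.
    $filter = '(&(distinguishedName={0})(memberOf:1.2.840.113556.1.4.1941:={1}))' -f `
        (& $esc $dn), (& $esc $g.DistinguishedName)
    $stillTransitive = [bool](Get-ADUser -LDAPFilter $filter)

    [pscustomobject]@{
        User                  = $dn
        Group                 = $g.DistinguishedName
        WasDirectMember       = $wasDirect
        StillDirectMember     = $stillDirect
        StillTransitiveMember = $stillTransitive
    }
}

# Usage with the post's test objects; -WhatIf previews without changing AD:
# Remove-GroupMemberVerified -User UserA -Group GroupGblSecA -WhatIf
```

A result with StillDirectMember false but StillTransitiveMember true means the user still gets the group's access through another group that is nested in it.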
