Powershell remove users from group

Question

I have this script which works cross domain.

It looks up a users sid from Domain A and then checks Domain A for specific groups where this sid is present and then adds the domain A SID into the same groups on domain B.

#Connects to Domain A with admin credentials
Connect-QADService -Service DomainA.local -Credential domaina\
#gets username to work with
$user = Read-Host "Enter the users DomainA Username" Set-QADUser $user
#figures out the specific groups that need to be updated with the Domain A user
$UserXGroups = (Get-QADUser -Identity $user).MemberOf | Get-QADGroup | where {$_.Name -like "SG-*XX*" -or $_.Name -like "XX_*"} | select Name, DN, NTAccountName
#find DomainA user
$DomainAAccount = Read-Host "Confirm the users DomainA Username"
$Domainuser = Get-QADUser $DomainAAccount -Service DomainA.local
#Adds DomainA user to DomainB groups
Connect-QADService -Service DomainB.com -Credential domainb\
foreach($i in $UserXXGroups){
Add-QADGroupMember -Identity $i.Name -Member $DomainAuser | Out-Null
$i.NTAccountName
}

Write-Host "DomainA\$user added to above DomainB groups" 

I want to before adding the Domain A user to the Domain B groups I want to remove all the groups Domain B specific groups.

As we will be using Domain A as the master and adding the user into the Domain B groups based on whats in the member of tab on Domain A.

Does that make sense? Can clarify if needed.... Any help is appreciated.

Answer 1

I am assuming you just want to clear the group memberships of the user on Domain B that matches the user on Domain A then copy the groups from that user on domain A to domain B.

You can clear group memberships like this:

$username = Read-Host "Enter the Username"    
$user = Get-QADUser $username
$user.memberof | Get-QADGroup | Remove-QADGroupMember -member $user