I am trying to remove an AD user in the child domain from a group in the parent domain using a PowerShell script.
Remove-ADGroupMember -Identity $group -Members jdoe -confirm: $false
Error message: Cannot find and object with identity: "jdoe" under: DC: corp, DC:hello, DC=com
So I did:
$user = Get-Aduser -Filter {SamAccountName -eq "jdoe"} -Server child.corp.hello.com
Remove-ADGroupMember -Identity $group -Members $user -confirm: $false
Error message: The specified account name is not a member of the group
Then I did:
Remove-ADGroupMember -Identity $group -Members $user.DistinguishedName -confirm: $false
Error Message: A referral was returned from the server.
How can I remove the user from the group that's in a parent domain?
Use Set-ADObject to remove the cross-domain entry from the member attribute of the group:
$user = Get-Aduser -Filter {SamAccountName -eq "jdoe"} -Server child.corp.hello.com
Set-ADObject $group -Remove @{member=$user.DistinguishedName}
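The same removal as an added example (not part of the original answer): each object is resolved against its own domain, the group's member attribute is checked first, and the result is verified afterwards. The function name, the group name 'ExampleGroup' and the parent domain name corp.hello.com (inferred from the DN in the question's error message) are assumptions.

```powershell
# Added example. Function name and parameter defaults are assumptions based on the
# domain names in the question (parent corp.hello.com, child child.corp.hello.com).
Import-Module ActiveDirectory

function Remove-CrossDomainGroupMember {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string] $GroupName,
        [Parameter(Mandatory)] [string] $SamAccountName,
        [string] $GroupDomain = 'corp.hello.com',
        [string] $UserDomain  = 'child.corp.hello.com'
    )

    # Resolve each object against the domain that actually holds it.
    $user  = Get-ADUser  -Identity $SamAccountName -Server $UserDomain -ErrorAction Stop
    $group = Get-ADGroup -Identity $GroupName -Server $GroupDomain `
                         -Properties member -ErrorAction Stop

    # The member attribute stores distinguished names, so compare on the DN.
    if ($group.member -notcontains $user.DistinguishedName) {
        Write-Warning "$($user.DistinguishedName) is not a direct member of $($group.DistinguishedName)"
        return $false
    }

    $action = "Remove member $($user.DistinguishedName)"
    if ($PSCmdlet.ShouldProcess($group.DistinguishedName, $action)) {
        # Write to the group's own domain and remove only this one DN value.
        Set-ADObject -Identity $group.DistinguishedName -Server $GroupDomain `
                     -Remove @{ member = $user.DistinguishedName } -ErrorAction Stop

        # Re-read the group to confirm the entry is gone. Passing a domain name to
        # -Server may select a different DC, so replication lag can affect this read.
        $after = Get-ADGroup -Identity $group.DistinguishedName -Server $GroupDomain `
                             -Properties member
        return ($after.member -notcontains $user.DistinguishedName)
    }
    return $false
}

# Dry run first: -WhatIf reports the intended change without modifying the group.
# 'ExampleGroup' is a constructed placeholder name.
Remove-CrossDomainGroupMember -GroupName 'ExampleGroup' -SamAccountName 'jdoe' -WhatIf
```

Run it without -WhatIf once the dry-run output names the expected group and user DN; the account running it needs write access to the group in the parent domain.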