[英]How do I remove all the groups from disabled Active Directory Users via Powershell?
我正在尝试在我们的 Active Directory 中收集所有禁用的用户,并尝试从他们的所有组中删除禁用的用户。 主要用于清理目的。 我有点卡在我的剧本上。 我不确定在Remove-ADPrincipalGroupMembership之后放什么:
$disabled_users = Get-AdUser -SearchBase "Ou=Users, Ou=test, DC=testdomain, DC=io" -Filter
"enabled -eq 'false'"
foreach($person in $disabled_users) {
Get-ADPrincipalGroupMembership $person | Remove-ADPrincipalGroupMembership #stuckhere
}
Get-ADPrincipalGroupMembership仅返回组,导致Remove-ADPrincipalGroupMembership使用组名称自动填充-Identity 。 您必须在-Identity中重新使用用户 object 。
由于第一个问题, Remove-ADPrincipalGroupMembership不接受来自管道的多个组。 它应该正常,但Get-ADPrincipalGroupMembership返回的[ADGroup]对象似乎把它绊倒了。 要修复,请使用ForEach循环,或使用两步过程:
# two steps:
$groups = Get-ADPrincipalGroupMembership $person
Remove-ADPrincipalGroupMembership -Identity $person -MemberOf $groups -WhatIf
# OR foreach loop:
Get-ADPrincipalGroupMembership $person |
Foreach {
Remove-ADPrincipalGroupMembership -Identity $person -MemberOf $_
}
请注意,您无法删除 AD 用户的主要组(通常是“域用户”),因此您可能需要添加过滤器:
$groups = Get-ADPrincipalGroupMembership $person |
Where Name -notlike 'Domain Users'
Remove-ADPrincipalGroupMembership -Identity $person -MemberOf $groups
改为使用Remove-ADGroupMember添加另一个选项:
Get-ADPrincipalGroupMembership $person | Remove-ADGroupMember -Members $person
Remove-ADGroupMember会将用户成员身份的distinguishedNames名称作为管道值,因此您只需指定要删除的组的成员。
用于将 Active Directory 用户添加到组的 Powershell 脚本
[英]Powershell Script for adding Active Directory users to groups
如何搜索Active Directory以查找来自同一域的两个不同组织单位中存在的所有已启用用户?
[英]How do I search Active Directory to find all enabled users that exist in two different organizational units from the same domain?
Active Directory - 用于查找不在一组组中的所有用户的脚本?
[英]Active Directory - a script to find all users that aren't in a set of groups?
如何将Active Directory用户从google.com重定向到我的网络服务?
[英]How do I redirect my Active Directory users from google.com to my web service?
使用VBScript从Active Directory(LDAP)中检索所有用户
[英]Retrieve all users from Active Directory (LDAP) using VBScript
如何在Linux上的Active Directory中为Tomcat创建.keytab?
[英]How do I create a .keytab from Active Directory for Tomcat on Linux?
我在Windows服务器上安装了postgreSQL,想对用户进行访问控制。 它如何与 Active Directory 集成?
[英]I installed postgreSQL on Windows server and want to have access control for users. How do it integrate it with Active Directory?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.