Powershell and Active Directory: Remove domain user from domain Group using Powershell.

 

Hi,

Today my IT Manager told me to remove a domain user from a specific group. Normally i used "DSA.MSC" or we can say that "Active Directory users and Computers", then i find users, go to his user account properties and click on "Member Of" tab and delete the group which the user is not required.

We can do two things.. Either we can use Get-ADGroupMember cmdlet to find the group  all group member of a particular group,or, we can use Get-ADUser cmdlet to find a group membership of a particular user.

Lets Start.

 Make sure you have "RSAT" installed on you laptop.

Now Import the Active Directory module.

Import-Module ActiveDirectory

 

..

ok, Module is imported,,

Let's use Get-ADUser cmdlet to find group membership of a domain user { http://newdelhipowershellusergroup.blogspot.in/2012/05/powershell-and-active-directory-find_11.html }

$((Get-ADUser Aman.Demo -Properties *).MemberOf -split (",")  | Select-String -SimpleMatch "CN=") -replace "CN=",""

Ok now we know that user "Aman.Demo" is a member of a Fax-Dubai and two others group. Our target is to remove "Aman.Demo" from "Fax-Dubai" Group.

Let's cross-check if "Fax-Dubai" have a "Aman.Demo" as a member.

Get-ADGroupMember -Identity "Fax-Dubai" | Select-Object Name

Yes it has... Now lets remove "Aman.Demo" from the Group.

we are Remove-ADGroupMember cmdlet to remove user from the desired Group.

Remove-ADGroupMember -Identity "Fax-Dubai" -Members "Aman.Demo"

before removing the user from the group it ask you for confirmation , type "Y". That's all.

if you want to suppress Confirmation, you can use -Confirm:$false parameter , after it it wont ask for confirmation.

ok. now we already removed the user from the group , let's check it now.

User "Aman.Demo" is a member of 2 user groups now previously it was 3, and you can see there is no "Fax-Dubai" exists in Members of now.

All Sorted :)

Thanks for reading the blog.

Aman Dhally