Remove AD groups nested inside parent group

  • Question

  • From the below script I am able to denest all AD groups which are added as members of the group.

    I tried to change the value $GroupsToRemove.count -gt 0 to $GroupsToRemove.count -gt 1 so I don't need to remove the direct AD groups nested to the parent group, but I want to remove the groups which are nested inside the direct groups. But it did not work.

    # Specify the DistinguishedName (DN) of the parent group.
    # We will remove all members of this group that have class "group".
    $GroupDN = "cn=Test_May_03,OU=Groups,OU=Sales,DC=Dev,DC=com"

    # The Member property is an array of the DistinguishedNames (DN) of all direct members of the group.
    # The DN is required by Get-ADObject, which we use to determine the class of each member.
    $Members = (Get-ADGroup -Identity $GroupDN -Properties Member).Member

    # Create an array of distinguished names of nested groups to remove.
    $GroupsToRemove = @()

    # Enumerate all direct members of the parent group and determine which are nested groups.
    ForEach ($Member In $Members)
    {
        # Members can be users, computers, contacts, or nested groups. We only consider groups.
        $Class = (Get-ADObject -Identity $Member).ObjectClass
        If ($Class -eq "group")
        {
            # Add the DN of this nested group to the array of groups to remove.
            $GroupsToRemove = $GroupsToRemove + $Member
        }
    }

    # Remove any nested groups from the parent group.
    If ($GroupsToRemove.Count -gt 0)
    {
        Set-ADGroup -Identity $GroupDN -Remove @{Member=$GroupsToRemove}
    }

    suresh arasu

    Monday, May 25, 2020 2:41 PM
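
An added example (not part of the original post or any reply) of the behaviour asked for: direct nested groups stay in the parent, and groups nested inside them are removed from those child groups, which needs a second enumeration because the `Count` test only decides whether the removal runs. The function name `Get-NestedGroupDN` is hypothetical, all members are assumed to be in the same domain, and `-WhatIf` keeps the run read-only.

```powershell
# Added example, not the original poster's script.
Import-Module ActiveDirectory

# Parent group DN taken from the question above.
$ParentDN = "cn=Test_May_03,OU=Groups,OU=Sales,DC=Dev,DC=com"

# Hypothetical helper: return the DNs of direct members that are groups.
function Get-NestedGroupDN {
    param([Parameter(Mandatory)][string]$GroupDN)

    $members = (Get-ADGroup -Identity $GroupDN -Properties Member).Member
    foreach ($dn in $members) {
        # Members can be users, computers, contacts or groups; keep groups only.
        if ((Get-ADObject -Identity $dn).ObjectClass -eq "group") { $dn }
    }
}

# Level 1: groups that are direct members of the parent. These stay in place.
$DirectGroups = @(Get-NestedGroupDN -GroupDN $ParentDN)

foreach ($ChildDN in $DirectGroups) {
    # Level 2: groups nested inside this direct child group.
    $SecondLevel = @(Get-NestedGroupDN -GroupDN $ChildDN)

    if ($SecondLevel.Count -gt 0) {
        # Emit a record of each planned change so it can be reviewed or exported.
        $SecondLevel | ForEach-Object {
            [pscustomobject]@{ ChildGroup = $ChildDN; NestedGroupToRemove = $_ }
        }

        # -WhatIf only reports the change; drop it to apply the removal.
        Set-ADGroup -Identity $ChildDN -Remove @{Member = $SecondLevel} -WhatIf
    }
}
```

Removing a member from a direct child group changes that child group everywhere it is used, not only under this parent, so review the emitted records before dropping `-WhatIf`.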

All replies