locked
Remove users' group membership from all groups in Organization (By reading user from CSV) RRS feed

  • Question

  • Hi, 

    I am trying to run this script with exception in first line i.e. instead of filter i want it to read from CSV file. HOw i can do it. THe purpose is to delete users from all groups they are associated with. 

    $users= get-aduser -Filter * -SearchBase "ou=ExEmployees,dc=contoso,dc=com"

    Function RemoveMemberships

     {

     param([string]$SAMAccountName)  
     
     $user = Get-ADUser $SAMAccountName -properties memberof
     
     $userGroups = $user.memberof

     $userGroups | %{get-adgroup $_ | Remove-ADGroupMember -confirm:$false -member $SAMAccountName}

     $userGroups = $null

     }


    $users | %{RemoveMemberships $_.SAMAccountName}


    Hasan

    Tuesday, September 30, 2014 9:43 PM

All replies

  • Can you please post the exact error?
    Tuesday, September 30, 2014 11:02 PM
  • Hi Hasan,

    Please run following command to remove a single test user from all groups:

    Get-QADUser -Name $username | Remove-QADMemberOf -RemoveAll

    Also find a similar thread for your reference:

    Issue Removing Cross-Domain Groups - Remove-QADMemberOf / Remove-QADGroupMember

    http://social.technet.microsoft.com/Forums/scriptcenter/en-US/f26f740f-909e-4533-914c-4a63a50105c2/issue-removing-crossdomain-groups-removeqadmemberof-removeqadgroupmember?forum=ITCG

     

    Thanks


    Mavis Huang
    TechNet Community Support


    Wednesday, October 1, 2014 9:12 AM
    Moderator
  • Hi Hasan,

    Please run following command to remove a single test user from all groups:

    Get-QADUser -Name $username | Remove-QADMemberOf -RemoveAll

    Also find a similar thread for your reference:

    Issue Removing Cross-Domain Groups - Remove-QADMemberOf / Remove-QADGroupMember

    http://social.technet.microsoft.com/Forums/scriptcenter/en-US/f26f740f-909e-4533-914c-4a63a50105c2/issue-removing-crossdomain-groups-removeqadmemberof-removeqadgroupmember?forum=ITCG

     

    Thanks


    Mavis Huang
    TechNet Community Support


    This is not working for multiple users. I am using this script

    Import-Csv testusers.csv | foreach {
    #adds the username value from the csv to a variable called $user
    $user = $_.username
    #Reads the user information for AD for each user in the csv and gets the group membership for that user
    (Get-QADUser $user).memberOf | Get-QADGroup | foreach {
    #removes the user from the groups it belongs to
    Remove-QADGroupMember $_.name -Member $user
    }
    }  

    Source: http://social.technet.microsoft.com/Forums/exchange/en-US/56144a78-7178-45e2-bbd0-fd9fad5959dc/removing-group-membership-from-many-users?forum=winserverDS 

    It is giving me following error:

    Get-QADUser : Cannot validate argument on parameter 'Identity'. The argument is null or empty. Supply an argument that
    is not null or empty and then try the command again.
    At C:\Users\ddddd\Desktop\test.ps1:5 char:14
    +     (Get-QADUser <<<<  $user).memberOf | Get-QADGroup | foreach {
        + CategoryInfo          : InvalidData: (:) [Get-QADUser], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationError,Quest.ActiveRoles.ArsPowerShellSnapIn.Powershell.Cmdlet
       s.GetUserCmdlet


    Hasan

    Wednesday, October 1, 2014 6:32 PM
  • Hi Hasan,

    Based on the error message, it means that the Get-QADUser cmdlet's -Identity parameter is null. Like this:

    Get-QADUser -Identity ""

     

    Thanks


    Mavis Huang
    TechNet Community Support

    Thursday, October 2, 2014 3:09 AM
    Moderator
  • Hi Hasan,

    Based on the error message, it means that the Get-QADUser cmdlet's -Identity parameter is null. Like this:

    Get-QADUser -Identity ""

     

    Thanks


    Mavis Huang
    TechNet Community Support

    But it is not null, i am getting user list from CSV. Am i doing something wrong? 

    Hasan

    Thursday, October 2, 2014 3:54 AM
  • Hope this helps!!

    #Import CSV File containing Users #Column Name should be Users and it must contain PrimarySMTPAddress of the user $Users = Import-Csv InputFile.csv |%{$_.Users} # looping through Each user in $Users Loop imported from CSV File foreach($ThisUser in $Users) { "$ThisUser - Processing....`n" #Get Mail Enabled Distribution Group Info $DistributionGroup = Get-DistributionGroup -ResultSize Unlimited | where { (Get-DistributionGroupMember $_ | foreach {$_.PrimarySmtpAddress}) -contains $ThisUser} #Loop Through Distribution Groups in which the User is MemberOf foreach($ThisDG in $DistributionGroup) { "$ThisDG - Processing...`n" "Removing User - $ThisUser from Group - $ThisDG....`n" #Remove Group membership for the user Remove-DistributionGroupMember $ThisDG -Member $ThisUser -Confirm:$False } }



    M.P.K ~ ( Exchange | 2003/2007/2010/E15(2013)) ~~ Please remember to click “Vote As Helpful" if it really helps and "Mark as Answer” if it answers your question, “Unmark as Answer” if a marked post does not actually answer your question. ~~ This Information is provided is "AS IS" and confers NO Rights!!

    • Proposed as answer by PK M Tuesday, October 21, 2014 2:18 PM
    Monday, October 6, 2014 12:25 PM