This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

Removing list of users from AD Group

Question
0

Sign in to vote

I have searched everywhere and cannot find a way to run this script using the users UPN. The .csv file that gets imported only looks for samaccountname. How can I run this with the .csv file having a list of users userprincipalname instead of samaccountname? I need to bulk remove users from an AD group. Any help is greatly appreciated.

Import-CSV "Listofusers.csv" -Header users | ForEach-Object {Remove-ADGroupMember -Identity "GROUPNAME" -members $_.users}

Thanks.

Chad Guiney

Friday, September 6, 2019 1:28 PM

Answers

0

Sign in to vote
Then a separate query is required for each user to retrieve the sAMAccountName from either the UPN or the email address. The Get-ADUser cmdlet can be used with the -Filter parameter. The Remove-ADGroupMember cmdlet does not support the -Filter parameter. To be safe, I would make sure just one user is found, whether by UPN or email. I suggest code similar to below (not tested):

$Users = Import-Csv "ListOfUsers.csv" -Header users ForEach ($User In $Users) { $Email = $User.users # Retrieve the sAMAccountName of the user with the specified email address in the CSV file. $SamName = (Get-ADUser -Filter {EmailAddress -eq $Email}).sAMAccountName # Make sure there is just one user found. Switch ($SamName.Count) { 0 {Write-Host "User with EmailAddress $Email not found"} 1 {Remove-ADGroupMember -Identity "GroupName" -Members $SamName} Default {Write-Host "More than one user found with EmailAddress $Email"} } }

I assumed the CSV has email addresses. Similar code can be used if the CSV file has userPrincipalName values.
Richard Mueller - MVP Enterprise Mobility (Identity and Access)
- Proposed as answer by Hamid Sadeghpour SalehMVP Saturday, September 7, 2019 9:48 AM
- Marked as answer by Charlie4872 Monday, September 9, 2019 12:45 PM
Saturday, September 7, 2019 12:27 AM

All replies

0

Sign in to vote

Thanks for the reply Richard. This script works fine pasting the name of the AD group instead of GROUPNAME in the script so thats no issue. The only problem I have is that the .csv file has to be a list of samaccountnames for it to work. I would like to find a way to put a list of userprincipalnames or users email address in the .csv file and have it run. Otherwise running the script when the .csv file has the samaccountnames in it does remove those users from whatever group I use in place of GROUPNAME.

Thanks.
Chad Guiney

Friday, September 6, 2019 11:49 PM
0

Sign in to vote

Hi,

Just checking in to see if the information provided by Richard was helpful.

Please let us know if you would like further assistance.

Best Regards,

Fan
Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

Monday, September 9, 2019 2:16 AM
0

Sign in to vote
Richard thank you very much for this. This works perfectly! I had to add a -Confirm:$false at the end of the 1 {Remove-ADGroupMember line but it now workd EXACTLY how I was wanting it to work. You saved me a ton of time!

Thanks!
- Edited by Charlie4872 Monday, September 9, 2019 12:45 PM
Monday, September 9, 2019 12:33 PM