AD用户移除所属组

AD用户移除所属组:

#删除离职人员所属组
Import-Module ActiveDirectory
$users = Get-ADUser -Filter 'Enabled -eq "False"' -SearchBase "OU=Del_User,DC=yx,DC=com"
foreach ($user in $users[0..3])
    {
    $uname = $user.SamAccountName
    $uname
    [array]$Membership = Get-ADPrincipalGroupMembership $uname | ? {$_.name -ne "Domain Users"}
    if ( $Membership.count -ne 0 )
        {
        $Membership.distinguishedName
        Remove-ADPrincipalGroupMembership -identity $uname -MemberOf $Membership.distinguishedName -confirm:$False
        }
    }

 

posted on 2016-07-26 16:32  momingliu11  阅读(1428)  评论(0编辑  收藏  举报

Powered by: 博客园 Copyright © 2024 momingliu11
Powered by .NET 9.0 on Kubernetes