I always get help/assistance in posting here so I am here again.

With the Quest AD-CMDlets, I can get a individuals group membership by
running:
(get-qaduser USERNAME@xxxxxx).memberof | get-qadgroup | ft name

What if I wanted to read in a list of usersnames from a file, and remove the
user from all groups they are currently a member of.

(with the exception of domain users which I think isn't even printed in the
command I list above because it is understood that everybody is a member of
that group)

I am thinking thwere would be two loops, one to read in the users, and
inside that loop another one that would go through each group that person is
a member of and remove them from it.

I don't have access to an AD setup at the moment but it would be something like

put the user accounts into a csv file

import-csv users.csv | foreach {

$user = get the user

foreach ($group in $user.memberof){

Remove-QADGroupmember -identity $group -member $user

}


}


Will need to add the correct properties to $group & $member - usually
distinguished name

--
Richard Siddaway
All scripts are supplied "as is" and with no warranty
PowerShell MVP
Blog: http://richardsiddaway.spaces.live.com/
PowerShell User Group: http://www.get-psuguk.org.uk


"JSC" wrote:

> I always get help/assistance in posting here so I am here again.
>
> With the Quest AD-CMDlets, I can get a individuals group membership by
> running:
> (get-qaduser USERNAME@xxxxxx).memberof | get-qadgroup | ft name
>
> What if I wanted to read in a list of usersnames from a file, and remove the
> user from all groups they are currently a member of.
>
> (with the exception of domain users which I think isn't even printed in the
> command I list above because it is understood that everybody is a member of
> that group)
>
> I am thinking thwere would be two loops, one to read in the users, and
> inside that loop another one that would go through each group that person is
> a member of and remove them from it.

Thanks Shay. RichS pointed me in the right direction. And with your help I
think I can customize it to work with the removal of the persons Exchange
mailbox as well. Thanks!

"Shay Levi" wrote:

>
>
> Remove -whatIf to execute the removal:
>
>
> foreach ($user in (get-content users.txt)){
> (get-qaduser $user).memberof | Get-QADGroup | where {$_.name -ne "domain
> users"} | Remove-QADGroupMember -member $user -whatif
> }
>
>
>
>
> ---
> Shay Levi
> $cript Fanatic
> http://scriptolog.blogspot.com
>

> > I always get help/assistance in posting here so I am here again.
> >
> > With the Quest AD-CMDlets, I can get a individuals group membership by
> > running:
> > (get-qaduser USERNAME@xxxxxx).memberof | get-qadgroup | ft
> > name
> > What if I wanted to read in a list of usersnames from a file, and
> > remove the user from all groups they are currently a member of.
> >
> > (with the exception of domain users which I think isn't even printed
> > in the command I list above because it is understood that everybody is
> > a member of that group)
> >
> > I am thinking thwere would be two loops, one to read in the users, and
> > inside that loop another one that would go through each group that
> > person is a member of and remove them from it.
> >

>
>
>

Remove -whatIf to execute the removal:


foreach ($user in (get-content users.txt)){
(get-qaduser $user).memberof | Get-QADGroup | where {$_.name -ne "domain
users"} | Remove-QADGroupMember -member $user -whatif
}




---
Shay Levi
$cript Fanatic
http://scriptolog.blogspot.com

> I always get help/assistance in posting here so I am here again.
>
> With the Quest AD-CMDlets, I can get a individuals group membership by
> running:
> (get-qaduser USERNAME@xxxxxx).memberof | get-qadgroup | ft
> name
> What if I wanted to read in a list of usersnames from a file, and
> remove the user from all groups they are currently a member of.
>
> (with the exception of domain users which I think isn't even printed
> in the command I list above because it is understood that everybody is
> a member of that group)
>
> I am thinking thwere would be two loops, one to read in the users, and
> inside that loop another one that would go through each group that
> person is a member of and remove them from it.
>