Hi,
I can add a computer object to an AD group using this method:
$Group = ([ADSI]"LDAP://pdc/CN=TestGroup,DC=foobar,DC=co,DC=uk")
$Client =
([ADSI]"LDAP://pdc/CN=TestClient,OU=XPClients,DC=foobar,DC=co,DC=uk")
$Group.member += $Client.distinguishedName
$Group.psbase.CommitChanges()
But how would I remove it again? when I try this:
$Group.member -= $Client.distinguishedName
it gives this error
Method invocation failed because
[System.DirectoryServices.PropertyValueCollection] doesn't contain a
method named 'op_
Subtraction'.
At line:1 char:17
+ $Group.member -= <<<< $Client.distinguishedName
Remove active directory object from group
- 04 Jan 2007 #1
char1iecha1k GuestMy System SpecsRemove active directory object from group
- 04 Jan 2007 #2
Tom G. GuestMy System SpecsRe: Remove active directory object from group
I usually do it like this.
$group = new-object System.DirectoryServices.DirectoryEntry($groupDN)
$group.psbase.properties["member"].remove($userDN)
$group.psbase.commitChanges()
Tom G.
--
char1iecha1k wrote:
> Hi,
>
> I can add a computer object to an AD group using this method:
>
> $Group = ([ADSI]"LDAP://pdc/CN=TestGroup,DC=foobar,DC=co,DC=uk")
> $Client =
> ([ADSI]"LDAP://pdc/CN=TestClient,OU=XPClients,DC=foobar,DC=co,DC=uk")
> $Group.member += $Client.distinguishedName
> $Group.psbase.CommitChanges()
>
> But how would I remove it again? when I try this:
>
> $Group.member -= $Client.distinguishedName
>
> it gives this error
>
> Method invocation failed because
> [System.DirectoryServices.PropertyValueCollection] doesn't contain a
> method named 'op_
> Subtraction'.
> At line:1 char:17
> + $Group.member -= <<<< $Client.distinguishedName
- 04 Jan 2007 #3
char1iecha1k GuestMy System SpecsRe: Remove active directory object from group
I tried this:
$Group.member -- $Client.distinguishedName
and got this error:
Unexpected token 'Client' in expression or statement.
At line:1 char:29
+ $Group.member -- $Client. <<<< distinguishedName
On Jan 4, 6:48 pm, "Tom G." <thomg...@lycos.com> wrote:
> I usually do it like this:
>
> --
>
> char1iecha1k wrote:
> > Hi,
>
> > I can add a computer object to an AD group using this method:
>
> > $Group = ([ADSI]"LDAP://pdc/CN=TestGroup,DC=foobar,DC=co,DC=uk")
> > $Client =
> > ([ADSI]"LDAP://pdc/CN=TestClient,OU=XPClients,DC=foobar,DC=co,DC=uk")
> > $Group.member += $Client.distinguishedName
> > $Group.psbase.CommitChanges()
>
> > But how would I remove it again? when I try this:
>
> > $Group.member -= $Client.distinguishedName
>
> > it gives this error
>
> > Method invocation failed because
> > [System.DirectoryServices.PropertyValueCollection] doesn't contain a
> > method named 'op_
> > Subtraction'.
> > At line:1 char:17
> > + $Group.member -= <<<< $Client.distinguishedName
- 04 Jan 2007 #4
Tom G. GuestMy System SpecsRe: Remove active directory object from group
That was a premature submission. Sorry for the confusion. Please see my
second submission.
Tom G.
--
char1iecha1k wrote:
> I tried this:
>
> $Group.member -- $Client.distinguishedName
>
> and got this error:
>
> Unexpected token 'Client' in expression or statement.
> At line:1 char:29
> + $Group.member -- $Client. <<<< distinguishedName
>
>
> On Jan 4, 6:48 pm, "Tom G." <thomg...@lycos.com> wrote:
> > I usually do it like this:
> >
> > --
> >
> > char1iecha1k wrote:
> > > Hi,
> >
> > > I can add a computer object to an AD group using this method:
> >
> > > $Group =
> > > ([ADSI]"LDAP://pdc/CN=TestGroup,DC=foobar,DC=co,DC=uk")
> > > $Client =
> > > ([ADSI]"LDAP://pdc/CN=TestClient,OU=XPClients,DC=foobar,DC=co,DC=u
> > > k") $Group.member += $Client.distinguishedName
> > > $Group.psbase.CommitChanges()
> >
> > > But how would I remove it again? when I try this:
> >
> > > $Group.member -= $Client.distinguishedName
> >
> > > it gives this error
> >
> > > Method invocation failed because
> > > [System.DirectoryServices.PropertyValueCollection] doesn't
> > > contain a method named 'op_
> > > Subtraction'.
> > > At line:1 char:17
> > > + $Group.member -= <<<< $Client.distinguishedName
- 04 Jan 2007 #5
char1iecha1k GuestMy System SpecsRe: Remove active directory object from group
here is what i get when i do that
PS C:\> $groupdn
distinguishedName
-----------------
{CN=test group,CN=Users,DC=foobar,DC=co,DC=uk}
PS C:\> $clientdn
distinguishedName
-----------------
{CN=test pc,OU=XPClients,DC=foobar,DC=co,DC=uk}
PS C:\> $group = new-object
System.DirectoryServices.DirectoryEntry($groupDN)
New-Object : Exception calling ".ctor" with "1" argument(s): "The value
provided for adsObject does not implement IADs.
"
At line:1 char:20
+ $group = new-object <<<<
System.DirectoryServices.DirectoryEntry($groupDN)
On Jan 4, 6:55 pm, "Tom G." <thomg...@lycos.com> wrote:
> I usually do it like this.
>
> $group = new-object System.DirectoryServices.DirectoryEntry($groupDN)
> $group.psbase.properties["member"].remove($userDN)
> $group.psbase.commitChanges()
>
> Tom G.
> --
>
> char1iecha1k wrote:
> > Hi,
>
> > I can add a computer object to an AD group using this method:
>
> > $Group = ([ADSI]"LDAP://pdc/CN=TestGroup,DC=foobar,DC=co,DC=uk")
> > $Client =
> > ([ADSI]"LDAP://pdc/CN=TestClient,OU=XPClients,DC=foobar,DC=co,DC=uk")
> > $Group.member += $Client.distinguishedName
> > $Group.psbase.CommitChanges()
>
> > But how would I remove it again? when I try this:
>
> > $Group.member -= $Client.distinguishedName
>
> > it gives this error
>
> > Method invocation failed because
> > [System.DirectoryServices.PropertyValueCollection] doesn't contain a
> > method named 'op_
> > Subtraction'.
> > At line:1 char:17
> > + $Group.member -= <<<< $Client.distinguishedName
- 04 Jan 2007 #6
Tom G. GuestMy System SpecsRe: Remove active directory object from group
The groupDN variable must contain a string formatted like the
following: "LDAP://CN=test group,OU=SomeOU,DC=foo,DC=bar,DC=com"
Tom G.
--
char1iecha1k wrote:
> here is what i get when i do that
>
> PS C:\> $groupdn
>
> distinguishedName
> -----------------
> {CN=test group,CN=Users,DC=foobar,DC=co,DC=uk}
>
>
> PS C:\> $clientdn
>
> distinguishedName
> -----------------
> {CN=test pc,OU=XPClients,DC=foobar,DC=co,DC=uk}
>
>
> PS C:\> $group = new-object
> System.DirectoryServices.DirectoryEntry($groupDN)
>
> New-Object : Exception calling ".ctor" with "1" argument(s): "The
> value provided for adsObject does not implement IADs.
> "
> At line:1 char:20
> + $group = new-object <<<<
> System.DirectoryServices.DirectoryEntry($groupDN)
>
> On Jan 4, 6:55 pm, "Tom G." <thomg...@lycos.com> wrote:
> > I usually do it like this.
> >
> > $group = new-object
> > System.DirectoryServices.DirectoryEntry($groupDN)
> > $group.psbase.properties["member"].remove($userDN)
> > $group.psbase.commitChanges()
> >
> > Tom G.
> > --
> >
> > char1iecha1k wrote:
> > > Hi,
> >
> > > I can add a computer object to an AD group using this method:
> >
> > > $Group =
> > > ([ADSI]"LDAP://pdc/CN=TestGroup,DC=foobar,DC=co,DC=uk")
> > > $Client =
> > > ([ADSI]"LDAP://pdc/CN=TestClient,OU=XPClients,DC=foobar,DC=co,DC=u
> > > k") $Group.member += $Client.distinguishedName
> > > $Group.psbase.CommitChanges()
> >
> > > But how would I remove it again? when I try this:
> >
> > > $Group.member -= $Client.distinguishedName
> >
> > > it gives this error
> >
> > > Method invocation failed because
> > > [System.DirectoryServices.PropertyValueCollection] doesn't
> > > contain a method named 'op_
> > > Subtraction'.
> > > At line:1 char:17
> > > + $Group.member -= <<<< $Client.distinguishedName
- 04 Jan 2007 #7
char1iecha1k GuestMy System SpecsRe: Remove active directory object from group
OK, that seems to get me further, but now I am getting this error when
i try this:
PS C:\> $group.psbase.commitchanges()
Exception calling "CommitChanges" with "0" argument(s): "The server is
unwilling to process the request. (Exception fro
m HRESULT: 0x80072035)"
At line:1 char:28
+ $group.psbase.commitchanges( <<<< )
However I think this is an error with permissions/security on the PDC
On Jan 4, 7:57 pm, "Tom G." <thomg...@lycos.com> wrote:
> The groupDN variable must contain a string formatted like the
> following: "LDAP://CN=test group,OU=SomeOU,DC=foo,DC=bar,DC=com"
>
> Tom G.
> --
>
> char1iecha1k wrote:
> > here is what i get when i do that
>
> > PS C:\> $groupdn
>
> > distinguishedName
> > -----------------
> > {CN=test group,CN=Users,DC=foobar,DC=co,DC=uk}
>
> > PS C:\> $clientdn
>
> > distinguishedName
> > -----------------
> > {CN=test pc,OU=XPClients,DC=foobar,DC=co,DC=uk}
>
> > PS C:\> $group = new-object
> > System.DirectoryServices.DirectoryEntry($groupDN)
>
> > New-Object : Exception calling ".ctor" with "1" argument(s): "The
> > value provided for adsObject does not implement IADs.
> > "
> > At line:1 char:20
> > + $group = new-object <<<<
> > System.DirectoryServices.DirectoryEntry($groupDN)
>
> > On Jan 4, 6:55 pm, "Tom G." <thomg...@lycos.com> wrote:
> > > I usually do it like this.
>
> > > $group = new-object
> > > System.DirectoryServices.DirectoryEntry($groupDN)
> > > $group.psbase.properties["member"].remove($userDN)
> > > $group.psbase.commitChanges()
>
> > > Tom G.
> > > --
>
> > > char1iecha1k wrote:
> > > > Hi,
>
> > > > I can add a computer object to an AD group using this method:
>
> > > > $Group =
> > > > ([ADSI]"LDAP://pdc/CN=TestGroup,DC=foobar,DC=co,DC=uk")
> > > > $Client =
> > > > ([ADSI]"LDAP://pdc/CN=TestClient,OU=XPClients,DC=foobar,DC=co,DC=u
> > > > k") $Group.member += $Client.distinguishedName
> > > > $Group.psbase.CommitChanges()
>
> > > > But how would I remove it again? when I try this:
>
> > > > $Group.member -= $Client.distinguishedName
>
> > > > it gives this error
>
> > > > Method invocation failed because
> > > > [System.DirectoryServices.PropertyValueCollection] doesn't
> > > > contain a method named 'op_
> > > > Subtraction'.
> > > > At line:1 char:17
> > > > + $Group.member -= <<<< $Client.distinguishedName
- 05 Jan 2007 #8
/\/\o\/\/ [MVP] GuestMy System SpecsRe: Remove active directory object from group
most likely the DN name is not correct, note that LDAP:// must NOT be incluyded
gr /\/\o\/\/
"char1iecha1k" wrote:
> OK, that seems to get me further, but now I am getting this error when
> i try this:
>
> PS C:\> $group.psbase.commitchanges()
>
> Exception calling "CommitChanges" with "0" argument(s): "The server is
> unwilling to process the request. (Exception fro
> m HRESULT: 0x80072035)"
> At line:1 char:28
> + $group.psbase.commitchanges( <<<< )
>
> However I think this is an error with permissions/security on the PDC
>
> On Jan 4, 7:57 pm, "Tom G." <thomg...@lycos.com> wrote:
> > The groupDN variable must contain a string formatted like the
> > following: "LDAP://CN=test group,OU=SomeOU,DC=foo,DC=bar,DC=com"
> >
> > Tom G.
> > --
> >
> > char1iecha1k wrote:
> > > here is what i get when i do that
> >
> > > PS C:\> $groupdn
> >
> > > distinguishedName
> > > -----------------
> > > {CN=test group,CN=Users,DC=foobar,DC=co,DC=uk}
> >
> > > PS C:\> $clientdn
> >
> > > distinguishedName
> > > -----------------
> > > {CN=test pc,OU=XPClients,DC=foobar,DC=co,DC=uk}
> >
> > > PS C:\> $group = new-object
> > > System.DirectoryServices.DirectoryEntry($groupDN)
> >
> > > New-Object : Exception calling ".ctor" with "1" argument(s): "The
> > > value provided for adsObject does not implement IADs.
> > > "
> > > At line:1 char:20
> > > + $group = new-object <<<<
> > > System.DirectoryServices.DirectoryEntry($groupDN)
> >
> > > On Jan 4, 6:55 pm, "Tom G." <thomg...@lycos.com> wrote:
> > > > I usually do it like this.
> >
> > > > $group = new-object
> > > > System.DirectoryServices.DirectoryEntry($groupDN)
> > > > $group.psbase.properties["member"].remove($userDN)
> > > > $group.psbase.commitChanges()
> >
> > > > Tom G.
> > > > --
> >
> > > > char1iecha1k wrote:
> > > > > Hi,
> >
> > > > > I can add a computer object to an AD group using this method:
> >
> > > > > $Group =
> > > > > ([ADSI]"LDAP://pdc/CN=TestGroup,DC=foobar,DC=co,DC=uk")
> > > > > $Client =
> > > > > ([ADSI]"LDAP://pdc/CN=TestClient,OU=XPClients,DC=foobar,DC=co,DC=u
> > > > > k") $Group.member += $Client.distinguishedName
> > > > > $Group.psbase.CommitChanges()
> >
> > > > > But how would I remove it again? when I try this:
> >
> > > > > $Group.member -= $Client.distinguishedName
> >
> > > > > it gives this error
> >
> > > > > Method invocation failed because
> > > > > [System.DirectoryServices.PropertyValueCollection] doesn't
> > > > > contain a method named 'op_
> > > > > Subtraction'.
> > > > > At line:1 char:17
> > > > > + $Group.member -= <<<< $Client.distinguishedName
>
>
- 05 Jan 2007 #9
char1iecha1k GuestMy System SpecsRe: Remove active directory object from group
Im sure the DN name is correct and I changed the string as shown below
but still get an error:
PS C:\Documents and Settings\Administrator> $client
distinguishedName
-----------------
{CN=TEST-01,OU=XPClients,DC=testdomain,DC=co,DC=uk}
PS C:\Documents and Settings\Administrator> $group
distinguishedName
-----------------
{CN=Test Group,CN=Users,DC=testdomain,DC=co,DC=uk}
PS C:\Documents and Settings\Administrator>
$group.psbase.properties["member"].remove("CN=TEST-01,OU=XPClients,DC=testdomain,DC=co,DC=uk")
PS C:\Documents and Settings\Administrator>
$group.psbase.commitChanges()
Exception calling "CommitChanges" with "0" argument(s): "The server is
unwilling to process the request. (Exception fro
m HRESULT: 0x80072035)"
At line:1 char:28
+ $group.psbase.commitChanges( <<<< )
PS C:\Documents and Settings\Administrator>
On Jan 5, 10:38 am, /\/\o\/\/ [MVP] <o...@discussions.microsoft.com>
wrote:
> most likely the DN name is not correct, note that LDAP:// must NOT be incluyded
>
> gr /\/\o\/\/
>
> "char1iecha1k" wrote:
> > OK, that seems to get me further, but now I am getting this error when
> > i try this:
>
> > PS C:\> $group.psbase.commitchanges()
>
> > Exception calling "CommitChanges" with "0" argument(s): "The server is
> > unwilling to process the request. (Exception fro
> > m HRESULT: 0x80072035)"
> > At line:1 char:28
> > + $group.psbase.commitchanges( <<<< )
>
> > However I think this is an error with permissions/security on the PDC
>
> > On Jan 4, 7:57 pm, "Tom G." <thomg...@lycos.com> wrote:
> > > The groupDN variable must contain a string formatted like the
> > > following: "LDAP://CN=test group,OU=SomeOU,DC=foo,DC=bar,DC=com"
>
> > > Tom G.
> > > --
>
> > > char1iecha1k wrote:
> > > > here is what i get when i do that
>
> > > > PS C:\> $groupdn
>
> > > > distinguishedName
> > > > -----------------
> > > > {CN=test group,CN=Users,DC=foobar,DC=co,DC=uk}
>
> > > > PS C:\> $clientdn
>
> > > > distinguishedName
> > > > -----------------
> > > > {CN=test pc,OU=XPClients,DC=foobar,DC=co,DC=uk}
>
> > > > PS C:\> $group = new-object
> > > > System.DirectoryServices.DirectoryEntry($groupDN)
>
> > > > New-Object : Exception calling ".ctor" with "1" argument(s): "The
> > > > value provided for adsObject does not implement IADs.
> > > > "
> > > > At line:1 char:20
> > > > + $group = new-object <<<<
> > > > System.DirectoryServices.DirectoryEntry($groupDN)
>
> > > > On Jan 4, 6:55 pm, "Tom G." <thomg...@lycos.com> wrote:
> > > > > I usually do it like this.
>
> > > > > $group = new-object
> > > > > System.DirectoryServices.DirectoryEntry($groupDN)
> > > > > $group.psbase.properties["member"].remove($userDN)
> > > > > $group.psbase.commitChanges()
>
> > > > > Tom G.
> > > > > --
>
> > > > > char1iecha1k wrote:
> > > > > > Hi,
>
> > > > > > I can add a computer object to an AD group using this method:
>
> > > > > > $Group =
> > > > > > ([ADSI]"LDAP://pdc/CN=TestGroup,DC=foobar,DC=co,DC=uk")
> > > > > > $Client =
> > > > > > ([ADSI]"LDAP://pdc/CN=TestClient,OU=XPClients,DC=foobar,DC=co,DC=u
> > > > > > k") $Group.member += $Client.distinguishedName
> > > > > > $Group.psbase.CommitChanges()
>
> > > > > > But how would I remove it again? when I try this:
>
> > > > > > $Group.member -= $Client.distinguishedName
>
> > > > > > it gives this error
>
> > > > > > Method invocation failed because
> > > > > > [System.DirectoryServices.PropertyValueCollection] doesn't
> > > > > > contain a method named 'op_
> > > > > > Subtraction'.
> > > > > > At line:1 char:17
> > > > > > + $Group.member -= <<<< $Client.distinguishedName
- 06 Jan 2007 #10
A. Petitjean GuestMy System SpecsRe: Remove active directory object from group
I don't know if this could help you, but it worked for me :
http://powershell-scripting.com/inde...d=82&Itemid=71
Best regards,
Arnaud Petitjean
"char1iecha1k" wrote:
> Im sure the DN name is correct and I changed the string as shown below
> but still get an error:
>
>
> PS C:\Documents and Settings\Administrator> $client
>
> distinguishedName
> -----------------
> {CN=TEST-01,OU=XPClients,DC=testdomain,DC=co,DC=uk}
>
>
> PS C:\Documents and Settings\Administrator> $group
>
> distinguishedName
> -----------------
> {CN=Test Group,CN=Users,DC=testdomain,DC=co,DC=uk}
>
>
> PS C:\Documents and Settings\Administrator>
> $group.psbase.properties["member"].remove("CN=TEST-01,OU=XPClients,DC=testdomain,DC=co,DC=uk")
> PS C:\Documents and Settings\Administrator>
> $group.psbase.commitChanges()
> Exception calling "CommitChanges" with "0" argument(s): "The server is
> unwilling to process the request. (Exception fro
> m HRESULT: 0x80072035)"
> At line:1 char:28
> + $group.psbase.commitChanges( <<<< )
> PS C:\Documents and Settings\Administrator>
>
>
> On Jan 5, 10:38 am, /\/\o\/\/ [MVP] <o...@discussions.microsoft.com>
> wrote:
> > most likely the DN name is not correct, note that LDAP:// must NOT be incluyded
> >
> > gr /\/\o\/\/
> >
> > "char1iecha1k" wrote:
> > > OK, that seems to get me further, but now I am getting this error when
> > > i try this:
> >
> > > PS C:\> $group.psbase.commitchanges()
> >
> > > Exception calling "CommitChanges" with "0" argument(s): "The server is
> > > unwilling to process the request. (Exception fro
> > > m HRESULT: 0x80072035)"
> > > At line:1 char:28
> > > + $group.psbase.commitchanges( <<<< )
> >
> > > However I think this is an error with permissions/security on the PDC
> >
> > > On Jan 4, 7:57 pm, "Tom G." <thomg...@lycos.com> wrote:
> > > > The groupDN variable must contain a string formatted like the
> > > > following: "LDAP://CN=test group,OU=SomeOU,DC=foo,DC=bar,DC=com"
> >
> > > > Tom G.
> > > > --
> >
> > > > char1iecha1k wrote:
> > > > > here is what i get when i do that
> >
> > > > > PS C:\> $groupdn
> >
> > > > > distinguishedName
> > > > > -----------------
> > > > > {CN=test group,CN=Users,DC=foobar,DC=co,DC=uk}
> >
> > > > > PS C:\> $clientdn
> >
> > > > > distinguishedName
> > > > > -----------------
> > > > > {CN=test pc,OU=XPClients,DC=foobar,DC=co,DC=uk}
> >
> > > > > PS C:\> $group = new-object
> > > > > System.DirectoryServices.DirectoryEntry($groupDN)
> >
> > > > > New-Object : Exception calling ".ctor" with "1" argument(s): "The
> > > > > value provided for adsObject does not implement IADs.
> > > > > "
> > > > > At line:1 char:20
> > > > > + $group = new-object <<<<
> > > > > System.DirectoryServices.DirectoryEntry($groupDN)
> >
> > > > > On Jan 4, 6:55 pm, "Tom G." <thomg...@lycos.com> wrote:
> > > > > > I usually do it like this.
> >
> > > > > > $group = new-object
> > > > > > System.DirectoryServices.DirectoryEntry($groupDN)
> > > > > > $group.psbase.properties["member"].remove($userDN)
> > > > > > $group.psbase.commitChanges()
> >
> > > > > > Tom G.
> > > > > > --
> >
> > > > > > char1iecha1k wrote:
> > > > > > > Hi,
> >
> > > > > > > I can add a computer object to an AD group using this method:
> >
> > > > > > > $Group =
> > > > > > > ([ADSI]"LDAP://pdc/CN=TestGroup,DC=foobar,DC=co,DC=uk")
> > > > > > > $Client =
> > > > > > > ([ADSI]"LDAP://pdc/CN=TestClient,OU=XPClients,DC=foobar,DC=co,DC=u
> > > > > > > k") $Group.member += $Client.distinguishedName
> > > > > > > $Group.psbase.CommitChanges()
> >
> > > > > > > But how would I remove it again? when I try this:
> >
> > > > > > > $Group.member -= $Client.distinguishedName
> >
> > > > > > > it gives this error
> >
> > > > > > > Method invocation failed because
> > > > > > > [System.DirectoryServices.PropertyValueCollection] doesn't
> > > > > > > contain a method named 'op_
> > > > > > > Subtraction'.
> > > > > > > At line:1 char:17
> > > > > > > + $Group.member -= <<<< $Client.distinguishedName
>
>
Remove active directory object from group problems?
| Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Add an Active Directory Object to Organizational Unit !!!! | mamhil | PowerShell | 1 | 05 Jan 2010 |
| Active directory - object deletion with comparison to SMS 2003 objects | IT Staff | PowerShell | 6 | 10 Feb 2009 |
| Active Directory and group copy | fan.of.tarja | PowerShell | 7 | 29 Feb 2008 |
| How to add to Group in Active Directory.... And has anyone a cmdlet? | Thomas Tomiczek | PowerShell | 3 | 02 Apr 2007 |
| Group Policy for Vista in Windows 2000 Active Directory Domain | Will | Vista General | 0 | 29 Jun 2006 |
