Quantcast
Channel: PowerShell.com – PowerShell Scripts, Tips, Forums, and Resources: Active Threads
Viewing all articles
Browse latest Browse all 8411

Find disabled users - Remove them from any group they are members of where the group name begins with "AW_"

$
0
0

The title pretty much sums up what I'm attempting to script, but...

I'm attempting to put together a script that:

1. searches for disabled users
2. removes any of those disabled users from group that begin with "AW_" 

So far I've written a script that works fine, but inefficiently:

--------------------
$DisabledUsers = Search-ADAccount -AccountDisabled -usersonly

$AWGroups = Get-ADGroup -Filter {name -like "AW_*"} -Properties Description
 
foreach ($user in $DisabledUsers) { foreach ($group in $AWGroups) {remove-adgroupmember $group –members $user -confirm:$False}}
-------------------- 

The last line attempts to remove each $user in $disabled users from any $group in $AWGroups, WITHOUT CHECKING for group membership. This seems a bit inefficient. 

I've been trying to expand the last step in the process to check {if $User in $DisabledUsers is a member of any $group in $AWGroups before attempting to remove the user from those groups:

--------------------
 foreach ($user in $DisabledUsers){foreach ($group in $AWGroups){If (Get-ADUser $User -Properties MemberOf $group){remove-adgroupmember $group –members $user -confirm:$False}}
--------------------

...The above is not working as expected. Any suggestions? 


Viewing all articles
Browse latest Browse all 8411

Trending Articles