https://www.rabbibob.com/index.php?title=Powershell:_Remove_AD_Group_Memberships_from_OU&feed=atom&action=history
Powershell: Remove AD Group Memberships from OU - Revision history
2024-03-29T15:45:34Z
Revision history for this page on the wiki
MediaWiki 1.39.5
https://www.rabbibob.com/index.php?title=Powershell:_Remove_AD_Group_Memberships_from_OU&diff=1336&oldid=prev
Rabbi Bob: /* Code */ Yikes, had Domain Users in the remove, should fail, but oof
2019-05-24T14:06:52Z
<p><span dir="auto"><span class="autocomment">Code: </span> Yikes, had Domain Users in the remove, should fail, but oof</span></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 14:06, 24 May 2019</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l50">Line 50:</td>
<td colspan="2" class="diff-lineno">Line 50:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> Get-ADGroup -LDAPFilter "(member=$UserDN)" | foreach-object {</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> Get-ADGroup -LDAPFilter "(member=$UserDN)" | foreach-object {</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> #if ($_.name -notin "Domain Users","RandomSecGrp") #EXCLUSION - slightly more dangerous</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> #if ($_.name -notin "Domain Users","RandomSecGrp") #EXCLUSION - slightly more dangerous</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div> if ($_.name -in <del style="font-weight: bold; text-decoration: none;">"Domain Users",</del>"RandomSecGrp","AnotherRandomSecGrp","YARSG","WeGetIt_AnotherSecGrp")</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> if ($_.name -in "RandomSecGrp","AnotherRandomSecGrp","YARSG","WeGetIt_AnotherSecGrp")</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> {</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> {</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> $Group=$_.name</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> $Group=$_.name</div></td></tr>
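Review bot: On the changed `if ($_.name -in ...)` line, the removal list is still an inline literal with nothing to stop a default group being typed back into it; declare the list once at the top of the script and test each name against a separate never-remove list before the `-in` check, so that an entry such as "Domain Users" stops the run instead of relying on the removal call failing. The commented-out `-notin` line directly above inverts the logic (every group not named is removed) and deserves a comment saying it must never be enabled with an empty list.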
</table>
Rabbi Bob
https://www.rabbibob.com/index.php?title=Powershell:_Remove_AD_Group_Memberships_from_OU&diff=1334&oldid=prev
Rabbi Bob: Created page with "=Purpose= This script was an extension of Powershell: AD Group Membership from OU and is quite dangerous. It will run through the designated OU and remove any security gr..."
2019-05-23T20:22:31Z
<p>Created page with "=Purpose= This script was an extension of <a href="/index.php/Powershell:_AD_Group_Membership_from_OU" title="Powershell: AD Group Membership from OU">Powershell: AD Group Membership from OU</a> and is quite dangerous. It will run through the designated OU and remove any security gr..."</p>
<p><b>New page</b></p><div>=Purpose=<br />
This script was an extension of [[Powershell: AD Group Membership from OU]] and is quite dangerous. It will run through the designated OU and remove any security groups designated (or you can give it a list to ignore, which is even more dangerous if the list is empty). It has very basic logging to CSV so you could rebuild if you had to.<br />
<br />
==To Do==<br />
* build in a failsafe check à la DO YOU REALLY WANT TO DO THIS?<br />
* build in a check for OUs never to run against (allow a list of OUs to be programmed that you couldn't run this against)<br />
* figure out a variable check for Test vs Nuke vs Confirm (maybe default to Test)<br />
* learn how to read in from a list into an array for a .ignore list (or .nuke list)<br />
<br />
=Code=<br />
<pre><br />
##################################################<br />
## Remove Groups from Users found in target $OU ##<br />
##################################################<br />
## To Do<br />
## - Build Output to Log [Done]<br />
## - Add Flag for Test vs Nuke vs Confirm<br />
## - Warning and Confirmation<br />
##################################################<br />
## Test<br />
## - Multiple -ne in If<br />
## - Array of Groups to ignore<br />
##################################################<br />
# Research: powershell pass variable to parameter<br />
# https://stackoverflow.com/questions/46121939/passing-a-powershell-variable-as-a-cmdlet-parameter<br />
##################################################<br />
###################################################<br />
## User Variables<br />
<br />
#$OU = "OU=,OU=,OU=,OU=,DC=rabbibob,DC=com"<br />
$OU = "OU=Users,DC=rabbibob,DC=com"<br />
####################################################<br />
<br />
## Logging Setup<br />
$Logfile = "AD_RemoveGroups_CleanUp_20190523.log"<br />
Function LogWrite<br />
{<br />
Param ([string]$logstring)<br />
<br />
Add-content $Logfile -value $logstring<br />
}<br />
<br />
# Start<br />
<br />
Import-Module ActiveDirectory<br />
$GetOU = Get-ADUser -SearchBase $OU -Filter *<br />
foreach ($user in $GetOU)<br />
{<br />
    $UserDN = $user.DistinguishedName<br />
    $Name = $user.SamAccountName<br />
    # Every group that lists this user as a direct member<br />
    Get-ADGroup -LDAPFilter "(member=$UserDN)" | ForEach-Object {<br />
        #if ($_.name -notin "Domain Users","RandomSecGrp") #EXCLUSION - slightly more dangerous<br />
        if ($_.name -in "Domain Users","RandomSecGrp","AnotherRandomSecGrp","YARSG","WeGetIt_AnotherSecGrp")<br />
        {<br />
            $Group = $_.name<br />
            $LogLine = $Name+","+$Group<br />
            LogWrite $LogLine   # logged before the removal so memberships can be rebuilt<br />
            Write-Host "$Name - $Group"<br />
            ### RUN WITH CONFIRMATION (Remove-ADGroupMember prompts by default)<br />
            Remove-ADGroupMember -Identity $Group -Members $UserDN<br />
            ### RUN WITHOUT CONFIRMATION<br />
            #Remove-ADGroupMember -Identity $Group -Members $UserDN -Confirm:$False<br />
        }<br />
    }<br />
}<br />
<br />
<br />
<br />
<br />
<br />
</pre><br />
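One way to implement the To Do items above (dry-run by default, a list of OUs the script refuses, a typed confirmation, and a removal list read from a file), as an added example that is not the author's script. The `-Mode` parameter, the file name `groups.nuke` and the `$ProtectedOUs` and `$NeverRemove` values are assumptions made for illustration; the example also escapes the user DN before placing it in the LDAP filter.

```powershell
#Requires -Modules ActiveDirectory
# Added example: guard rails from the To Do list. Parameter and variable names are hypothetical.
[CmdletBinding()]
param(
    [Parameter(Mandatory)][string]$OU,
    [ValidateSet('Test','Confirm','Nuke')][string]$Mode = 'Test',  # default never writes
    [string]$NukeListPath = '.\groups.nuke'                        # one group name per line
)

# OUs this script must never run against (constructed sample value).
$ProtectedOUs = @('OU=Domain Controllers,DC=rabbibob,DC=com')
# Groups that are never removed, whatever the .nuke list says (sample value).
$NeverRemove  = @('Domain Users')

# Refuse a protected OU or anything beneath it.
foreach ($p in $ProtectedOUs) {
    if ($OU -ieq $p -or $OU.EndsWith(",$p", [StringComparison]::OrdinalIgnoreCase)) {
        throw "Refusing to run against protected OU: $OU"
    }
}

# Read the .nuke list into an array: trim, skip blank lines and # comments.
$RemoveList = @(Get-Content -Path $NukeListPath -ErrorAction Stop |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ -and -not $_.StartsWith('#') })
if ($RemoveList.Count -eq 0) { throw "Removal list '$NukeListPath' is empty." }
$blocked = @($RemoveList | Where-Object { $_ -in $NeverRemove })
if ($blocked.Count) { throw "Removal list names protected group(s): $($blocked -join ', ')" }

# Failsafe: Nuke mode requires the operator to type the target OU back.
if ($Mode -eq 'Nuke') {
    $answer = Read-Host "Remove $($RemoveList.Count) group(s) from every user in '$OU'? Type the OU to proceed"
    if ($answer -ne $OU) { throw 'Aborted: confirmation did not match.' }
}

$log = foreach ($user in Get-ADUser -SearchBase $OU -Filter *) {
    # Escape LDAP filter metacharacters in the DN (backslash first).
    $dn = $user.DistinguishedName -replace '\\','\5c' -replace '\*','\2a' -replace '\(','\28' -replace '\)','\29'
    foreach ($group in Get-ADGroup -LDAPFilter "(member=$dn)") {
        if ($group.Name -notin $RemoveList) { continue }
        switch ($Mode) {
            'Test'    { Remove-ADGroupMember -Identity $group -Members $user -WhatIf }
            'Confirm' { Remove-ADGroupMember -Identity $group -Members $user -Confirm:$true }
            'Nuke'    { Remove-ADGroupMember -Identity $group -Members $user -Confirm:$false }
        }
        [pscustomobject]@{ Time = Get-Date -Format o; Mode = $Mode; User = $user.SamAccountName; Group = $group.Name }
    }
}
$log | Export-Csv -Path "AD_RemoveGroups_$(Get-Date -Format yyyyMMdd).csv" -NoTypeInformation
```

The CSV records the mode alongside each user and group pair, so a `Test` run's output can be reviewed before the same list is used with `Confirm` or `Nuke`.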
[[Category:Powershell]]<br />
[[Category:Weblog-2019-05]]</div>
Rabbi Bob