如果他们在AD上的employeeNumber属性中有任何值,我想从组中删除成员。我可以使用Get-ADGroupMember返回组中的所有成员,但是如何迭代以删除具有值的成员?
答案 0 :(得分:2)
尝试这样的方法来枚举具有属性集的组成员:
Get-ADGroupMember 'groupname' | Get-ADUser -Properties * |
? { $_.employeeNumber -ne $null }
要从群组中删除这些成员,您必须添加第二步,如下所示:
$membersToRemove = Get-ADGroupMember 'groupname' `
| Get-ADUser -Properties * `
| ? { $_.employeeNumber -ne $null } `
| % { $_.sAMAccountName }
Remove-ADGroupMember 'groupname' $membersToRemove
答案 1 :(得分:1)
$members = Get-ADGroupMember -Identity group1 |
Where-Object { (Get-ADUser -Filter {SamAccountName -eq $_.SamAccountName} -Properties EmployeeNumber).EmployeeNumber }
Remove-ADGroupMember -Identity group1 -Members $members -Confirm:$false