我正在尝试使用powershell脚本从父域中的组中删除子域中的AD用户。
Remove-ADGroupMember -Identity $group -Members jdoe -confirm: $false
Error message: Cannot find and object with identity: "jdoe" under: DC: corp, DC:hello, DC=com
所以,我做了
$user = Get-Aduser -Filter {SamAccountName -eq "jdoe"} -Server child.corp.hello.com
Remove-ADGroupMember -Identity $group -Members $user -confirm: $false
Error message: The specified account name is not a member of the group
然后,我做了
Remove-ADGroupMember -Identity $group -Members $user.DistinguishedName -confirm: $false
Error Message: A referral was returned from the server.
如何从父域中的组中删除用户?
答案 0 :(得分:0)
使用Set-ADObject从群组的member属性中删除跨域条目:
$user = Get-Aduser -Filter {SamAccountName -eq "jdoe"} -Server child.corp.hello.com
Set-ADObject $group -Remove @{member=$user.DistinguishedName}