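Remove a user from Group A if the user is a member of Group B

Time: 2017-02-13 08:59:19

Tags: powershell active-directory

I have two groups: Group A and Group B. If a user is part of Group B, then I want to remove them from Group A. This is because the groups are mutually exclusive.

I have found some scripts that remove users from a group, but none that do so only when the user belongs to another group.

Can anyone help?

2 answers:

Answer 0: (score: 0)

Try this: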

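$user = "TestUser"

# Compare on SamAccountName: Remove-ADGroupMember -Members accepts it, but not the Name (CN) value
$groupA = Get-ADGroupMember -Identity "Group A" -Recursive | Select-Object -ExpandProperty SamAccountName
$groupB = Get-ADGroupMember -Identity "Group B" -Recursive | Select-Object -ExpandProperty SamAccountName

If (($groupA -contains $user) -and ($groupB -contains $user)) {
    Write-Host "$user is a member of groupA and groupB"
    # The question asks for removal from Group A when the user is also in Group B
    Remove-ADGroupMember -Identity "Group A" -Members $user
}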

Answer 1: (score: 0)

This will loop through all members of Group B and (if they are a member) remove them from Group A.

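# MemberOf holds distinguished names, so resolve Group A's DN for the comparison.
$GroupADN = (Get-ADGroup -Identity "Group A").DistinguishedName

# Get all user members of GroupB (Get-ADUser cannot resolve computer or group members).
Foreach ($User In (Get-ADGroupMember -Identity "Group B" | Where-Object { $_.objectClass -eq 'user' }))
{
    # If they are a 'MemberOf' GroupA
    If ((Get-ADUser $User.SamAccountName -Properties MemberOf).MemberOf -Contains $GroupADN)
    {
        # Remove that user from GroupA
        Remove-ADGroupMember -Identity "Group A" -Members $User.SamAccountName
    }
}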
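
An added example, not part of either answer: a function that enforces the exclusivity rule in one pass, with a dry-run mode and a report of users it cannot fix because they reach Group A only through a nested group. The function name, its parameter names and the result labels are hypothetical; "Group A" and "Group B" are the question's placeholders, and the ActiveDirectory module is assumed to be loaded.

```powershell
# Added example. Remove-ExclusiveGroupOverlap and its parameters are hypothetical names.
function Remove-ExclusiveGroupOverlap {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)] [string] $WinningGroup,  # membership here takes precedence ("Group B")
        [Parameter(Mandatory = $true)] [string] $LosingGroup    # users are removed from here ("Group A")
    )

    # Effective user members of the winning group, nested groups included.
    $winnerDns = @(Get-ADGroupMember -Identity $WinningGroup -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object { $_.distinguishedName })

    # Direct user members of the losing group: the only ones Remove-ADGroupMember can drop.
    $direct = @(Get-ADGroupMember -Identity $LosingGroup |
        Where-Object { $_.objectClass -eq 'user' })
    $directDns = @($direct | ForEach-Object { $_.distinguishedName })

    foreach ($u in $direct) {
        if ($winnerDns -notcontains $u.distinguishedName) { continue }
        # ShouldProcess honours -WhatIf and -Confirm passed to this function.
        if ($PSCmdlet.ShouldProcess($u.distinguishedName, "Remove from $LosingGroup")) {
            Remove-ADGroupMember -Identity $LosingGroup -Members $u -Confirm:$false -ErrorAction Stop
            [pscustomobject]@{ User = $u.SamAccountName; Result = 'Removed' }
        }
    }

    # Users who are in the losing group only through a nested group still break the
    # exclusivity rule, but the fix belongs on the nested group, so they are reported.
    Get-ADGroupMember -Identity $LosingGroup -Recursive |
        Where-Object { $_.objectClass -eq 'user' -and
                       $winnerDns -contains $_.distinguishedName -and
                       $directDns -notcontains $_.distinguishedName } |
        ForEach-Object { [pscustomobject]@{ User = $_.SamAccountName; Result = 'NestedOnly' } }
}

# Dry run first, then apply without per-user prompts.
Remove-ExclusiveGroupOverlap -WinningGroup 'Group B' -LosingGroup 'Group A' -WhatIf
Remove-ExclusiveGroupOverlap -WinningGroup 'Group B' -LosingGroup 'Group A' -Confirm:$false
```

The objects it emits can be piped to Export-Csv to keep a record of each membership change.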