我能够删除用户的所有成员身份。到目前为止,我已经尝试了以下脚本。我的问题是:我一直在寻找可以删除特定组成员身份的脚本。另外,我们在CSV文件中有大量用户。
$RemovefromGroups = $UserisMember.memberOf | ForEach-Object {Get-ADGroup -Filter "name -like '*group*'"}
错误消息:
Get-ADGroup : A positional parameter cannot be found that accepts argument 'CN=group_name,OU=GP,DC=contoso,DC=com'.
At line:1 char:73
+ $RemovefromGroups = $UserisMember.memberOf | ForEach-Object {Get-ADGroup <<<< $_ -Filter "name -like '*group*'"}
+ CategoryInfo : InvalidArgument: (:) [Get-ADGroup], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.GetADGroup
代码:
#import csv info for use in foreach loop
$csv = import-csv "c:\temp\a.csv" #have header column for "userinput"
foreach ($v in $csv) {
$userinput = $v.userinput
# Remove user from all AD groups
$UserisMember = Get-ADUser $userinput -Properties memberOf
$RemovefromGroups = $UserisMember.memberOf | ForEach-Object {Get-ADGroup $_ }
$RemovefromGroups | ForEach-Object { Remove-ADGroupMember -Identity $_ -Members $UserisMember -Confirm:$false}
}
答案 0 :(得分:0)
在此管道的末尾添加一个Where-Object子句:
$RemovefromGroups = $UserisMember.memberOf | ForEach-Object {Get-ADGroup $_ }
所以变成
$RemovefromGroups = $UserisMember.memberOf | ForEach-Object {Get-ADGroup $_ } | Where-Object {$_.Name -like '*SSL_VPN*'}