我希望从SAMAccountName,ADGroup的导入CSV文件中,从多个组中批量删除成员。我可以遍历数组中的每个记录(其中将有1600个条目),但是如果我可以整理特定组中的所有用户并向多个用户发出Remove-ADGroupMember,那会更好。 >
我不确定如何处理数组中的数据,因此它显示为ADGroup,MultipleSAMAccountNames-我可能缺少明显的东西。
示例CSV:
SAMAccountName, ADGroup
User1, GroupA
User2, GroupA
User3, GroupB
User4, GroupA
示例代码:
Import-Module ActiveDirectory
$Users = Import-CSV "Users.csv"
foreach ($User in $Users)
{
Remove-ADGroupMember -identity $User.ADGroup -Members $User.SAMAccountName
}
所需:
foreach ($Group in $Users)
{
Remove-ADGroupMember -identity $Group.ADGroup -Members $Group.MultipleSAMAccountNames
}
预先感谢
答案 0 :(得分:0)
尝试一下:
$Users = Import-CSV "Users.csv"
$Groups = $Users.ADGroup | Sort-Object -Unique
foreach ($Group in $Groups) {
Remove-ADGroupMember -identity $Group -Members ($Users | Where-Object { $_.ADGroup -eq $Group }).SamAccountName
}
Where-Object筛选与该组匹配的所有用户的$Users,然后将其结果发送到-Members参数。请注意,这是未经测试的代码,请谨慎使用。
答案 1 :(得分:0)
Mark Wragg击败了我,但这是我的(也是未经测试的)解决方案,不需要Where-Object子句:
Import-Module ActiveDirectory
# read the CSV file and group the objects by the 'ADGroup' property
$UsersAndGroups = Import-CSV "Users.csv" | Group-Object -Property ADGroup
# loop through the groups
foreach ($group in $UsersAndGroups) {
# get an array of users belonging to this group
$accounts = $group.Group | Select-Object -ExpandProperty SAMAccountName -Unique
# remove them all from the group
Remove-ADGroupMember -Identity $group.Name -Members $accounts
}
出于测试目的,请在-WhatIf命令的末尾添加Remove-ADGroupMember开关。