Powershell: Remove all group memberships except "Domain Users" for disabled accounts

http://social.technet.microsoft.com/Forums/en-US/exchangesvradminlegacy/thread/0e56cb01-e59d-4b68-85ab-66e7e3c6ed27/

You should be able to put the users in a csv file and run that script to remove them.

Also, you can ctrl select and edit group memberships if there's not a ton of deactivated users.

something like >> http://serverfault.com/questions/402827/how-to-select-a-user-and-remove-all-groups-they-are-a-member-of-using-powershell

Innocentdevil,

That script looks good, but from what I can see - there is an interactive element.

$DisableIni = Read-host "Enter initials of the user you want to disable"
$DisableUser = Get-QADUser $DisableIni

# Check Groupmembership and populate the list to Notes
$groupmemberof=$DisableUser.memberof | Get-QADGroup
      Foreach ($Group in $groupmemberof)
    {$DisNotes = (get-qaduser $DisableIni).notes
    Set-qaduser $DisableIni -notes "$DisNotes $Group;"}

# Remove all memberships from the user except for "Domain Users"
$DisableUser.memberOf | Get-QADGroup | where {$_.name -notmatch '^users|domain users$'} | Remove-QADGroupMember -member $DisableIni

Select allOpen in new window

I don't want to enter the initials for every disabled user, I would like the script to search for disabled users, then remove all group memberships except for the "Domain Users" group.

Can someone please modify the above script for me? I'm a novice Powershell user.

Thanks,

A.

Thanks Subsun. That was perfect! Just one question, what is the purpose of the  "-SizeLimit 0" variable?

Cheers,

A.

"-SizeLimit 0"  is to retrieve unlimited number of users. By default command will retrieve only 1000 users. If you think you domain have less than thousand disabled users then you don't have to use this parameter.. :)

Thanks again Subsun! You are the best!

Once again Subsun to the rescue. Quick with his responses, and always willing to help out the "novice" users.