Powershell Script that would mass delete groups from list

Posted on 2009-04-27
Last Modified: 2014-10-08
Hey guys!!

I am working on an Active Directory group cleanup (to the tune of 600+ groups deleted and 450+ groups created and populated) project.

I got help from EE last week on how to create a list of groups from a reference .CSV file. I am trying to get a script going that would reference a list of groups (i.e.):

Information Technology
Information Technology-Private Files
Information Technology-Mail Distribution

...and delete them from AD



I have the Quest cmdlets installed.


Any help you could provide would be awesome!
Question by:brianroma

Expert Comment

by:Chris Dent
ID: 24241611

Assuming you have a text file again :)

It'll ask for confirmation, but mass deletion like this needs a lot of care so I've popped on the "-WhatIf" switch for now. Means it won't actually do anything, just says what would happen if you really ran it.

Chris
Get-Content "Groups.txt" | %{ Get-QADGroup $_ | Remove-QADObject -WhatIf }


Author Comment

by:brianroma
ID: 24241831
Thanks for your help, Chris!

Is there a way to have the script run without confirming the deletion of every group? I have a test AD environment that I can add/delete OUs/groups/users with no  problem. Thanks for the thought with adding -WhatIf !!


Thanks very much for the fast response!

B

Expert Comment

by:Chris Dent
ID: 24241882

Sure, with the -Confirm switch if you're absolutely sure of what it's going to delete :)

Chris
Get-Content "Groups.txt" | %{ Get-QADGroup $_ | Remove-QADObject -Confirm }


Author Comment

by:brianroma
ID: 24242204
I am getting an error in the PowerGUI Script Editor when I debug:


I have tried:

Get-Content "MassDeleteGroup.txt" | %{ Get-QADGroup $_ | Remove-QADObject -Confirm }

I still get the confirmation delete box on every group. I then get the following error:

Exception from HRESULT: 0x80072035)
At :line:1 char:73
+ Get-Content "MassDeleteGroup.txt" | %{ Get-QADGroup $_ | Remove-QADObject <<<<  -Confirm }

I also tried


Get-Content "MassDeleteGroup.txt" | %{ Get-QADGroup $_ | Remove-QADObject -force }

I do not get the confirmation delete box on every group but I still see the error:

Exception from HRESULT: 0x80072035)
At :line:1 char:73
+ Get-Content "MassDeleteGroup.txt" | %{ Get-QADGroup $_ | Remove-QADObject <<<<  -force }


Thanks Again!

Expert Comment

by:Chris Dent
ID: 24242359

Hmmm okay, so it's not quite that simple then. Let's break it up a bit and take a look at a few possibilities.

Chris
Get-Content "MassDeleteGroup.txt" | %{
  $Group = Get-QADGroup $_
  # Tell us if it failed to find a group
  If (!$Group) { Write-Host "No groups found for $_" }
  # See if we have more than one group matched. That will really upset it.
  If ($Group.Count) { Write-Host "More than one group matched for $_" }
  # Attempt removal of the group if there's only one match
  If (!$Group.Count -And $Group) { Remove-QADObject $Group.DN -Force }
}


Author Comment

by:brianroma
ID: 24242452
OK, the script runs with no errors. The console responds with:

More than one group matched for
More than one group matched for
More than one group matched for

When I run the script

Expert Comment

by:Chris Dent
ID: 24242503

Well there we go, that would certainly do it.

For one of the groups run:

Get-QADGroup "Group Name"

And you'll see the list of results returned. We can approach this in a different way if one of the group names is exactly right and the results are just like "Group Name and something else" rather than just "Group Name".

To do that, we would modify our Get-QADGroup, perhaps this:

Get-QADGroup -LdapFilter "(name=$_)"

Or if you're running it manually:

Get-QADGroup -LdapFilter "(name=Group Name)"

Chris

Author Comment

by:brianroma
ID: 24242754
OK, I am running the following scripts in order:

DistroGroupCreate.ps1

#This Script will Create Universal Distribution groups in the "Distribution Groups" OU under the "Domain Groups" OU in the MUDTEST.com domain. The DistroGroupsList.txt file must be in the same folder as the ps1 script file
$OU = "OU=Distribution Groups,OU=Domain Groups,DC=MUDTEST,DC=com"
$GroupType = "Distribution"
$GroupScope = "Universal"

Get-Content "DistroGroupsList.txt" | %{ If ($_ -ne "") { `
  New-QADGroup -Name $_ -ParentContainer $OU -GroupType $GroupType -GroupScope $GroupScope } }

Contents of DistroGroupsList.txt text file:

Information Technology-DistroU
Infrastructure-DistroU
Business Systems-DistroU
Quality Assurance-DistroU
Project Management-DistroU


FileAccessGroupCreate.ps1

#This Script will Create Domain Local Security groups in the "File Access Groups" OU under the "Domain Groups" OU in the MUDTEST.com domain. The FileAccessGroupList.txt file must be in the same folder as the ps1 script file
$OU = "OU=File Access Groups,OU=Domain Groups,DC=MUDTEST,DC=com"
$GroupType = "Security"
$GroupScope = "DomainLocal"

Get-Content "FileAccessGroupList.txt" | %{ If ($_ -ne "") { `
  New-QADGroup -Name $_ -ParentContainer $OU -GroupType $GroupType -GroupScope $GroupScope } }


Contents of FileAccessGroupList.txt text file:

InfoTech-M-FileDL
InfoTech-RE-FileDL
Infra-M-FileDL
Infra-RE-FileDL



OrgGlobalGroupCreate.ps1

#This Script will Create global Security groups in the Organizational Groups OU under the Domain Groups OU in the MUDTEST.com domain. The OrgGlobalGroupList.txt file must be in the same folder as the ps1 script file
$OU = "OU=Organizational Groups,OU=Domain Groups,DC=MUDTEST,DC=com"
$GroupType = "Security"
$GroupScope = "Global"

Get-Content "OrgGlobalGroupList.txt" | %{ If ($_ -ne "") { `
  New-QADGroup -Name $_ -ParentContainer $OU -GroupType $GroupType -GroupScope $GroupScope } }

Contents of OrgGlobalGroupList.txt text file:

Information Technology-DeptG
Infrastructure-DivG
Business Systems-DivG
Quality Assurance-DivG


The above is just FYI--


OK, so I ran (these are the groups I had in the MassDeleteGroup.txt):


Get-QADGroup "Information Technology-DistroU"
Get-QADGroup "Infrastructure-DistroU"
Get-QADGroup "Business Systems-DistroU"
Get-QADGroup "Quality Assurance-DistroU"
Get-QADGroup "Project Management-DistroU"
Get-QADGroup "InfoTech-M-FileDL"
Get-QADGroup "InfoTech-RE-FileDL"
Get-QADGroup "Infra-M-FileDL"
Get-QADGroup "Infra-RE-FileDL"
Get-QADGroup "Information Technology-DeptG"
Get-QADGroup "Infrastructure-DivG"
Get-QADGroup "Business Systems-DivG"
Get-QADGroup "Quality Assurance-DivG"

...and I get:



Name                           Type            DN
----                           ----            --
Information Technology-DistroU group           CN=Information Technology-DistroU,OU=Distribution Groups,OU=Domain Groups,DC=mu...
Infrastructure-DistroU         group           CN=Infrastructure-DistroU,OU=Distribution Groups,OU=Domain Groups,DC=mudtest,DC...
Business Systems-DistroU       group           CN=Business Systems-DistroU,OU=Distribution Groups,OU=Domain Groups,DC=mudtest,...
Quality Assurance-DistroU      group           CN=Quality Assurance-DistroU,OU=Distribution Groups,OU=Domain Groups,DC=mudtest...
Project Management-DistroU     group           CN=Project Management-DistroU,OU=Distribution Groups,OU=Domain Groups,DC=mudtes...
InfoTech-M-FileDL              group           CN=InfoTech-M-FileDL,OU=File Access Groups,OU=Domain Groups,DC=mudtest,DC=com
InfoTech-RE-FileDL             group           CN=InfoTech-RE-FileDL,OU=File Access Groups,OU=Domain Groups,DC=mudtest,DC=com
Infra-M-FileDL                 group           CN=Infra-M-FileDL,OU=File Access Groups,OU=Domain Groups,DC=mudtest,DC=com
Infra-RE-FileDL                group           CN=Infra-RE-FileDL,OU=File Access Groups,OU=Domain Groups,DC=mudtest,DC=com
Information Technology-DeptG   group           CN=Information Technology-DeptG,OU=Organizational Groups,OU=Domain Groups,DC=mu...
Infrastructure-DivG            group           CN=Infrastructure-DivG,OU=Organizational Groups,OU=Domain Groups,DC=mudtest,DC=com
Business Systems-DivG          group           CN=Business Systems-DivG,OU=Organizational Groups,OU=Domain Groups,DC=mudtest,D...
Quality Assurance-DivG         group           CN=Quality Assurance-DivG,OU=Organizational Groups,OU=Domain Groups,DC=mudtest,...










Expert Comment

by:Chris Dent
ID: 24242802

Hmm well that all looks fine. Perhaps give this a shot.

Chris
Get-Content "MassDeleteGroup.txt" | %{ 
  Remove-QADObject $((Get-QADGroup -LdapFilter "(name=$_)").DN) -Force
}


Author Comment

by:brianroma
ID: 24242850
I ran:

Get-Content "MassDeleteGroup.txt" | %{
  Remove-QADObject $((Get-QADGroup -LdapFilter "(name=$_)").DN) -Force
}


and got:


The (&(objectCategory=group)(name=)) search filter is invalid.
At :line:2 char:34
+   Remove-QADObject $((Get-QADGroup <<<<  -LdapFilter "(name=$_)").DN) -Force

Expert Comment

by:Chris Dent
ID: 24242879

It had a blank line passed into it :)

Modified this so it shows which group it's trying to work on.

Chris
Get-Content "MassDeleteGroup.txt" | %{
  Write-Host "Group Name: $_"
  Remove-QADObject $((Get-QADGroup -LdapFilter "(name=$_)").DN) -Force
}


Author Comment

by:brianroma
ID: 24242963
All groups were removed but I am seeing:



Group Name: Information Technology-DistroU
Group Name: Infrastructure-DistroU
Group Name: Business Systems-DistroU
Group Name: Quality Assurance-DistroU
Group Name: Project Management-DistroU
Group Name: InfoTech-M-FileDL
Group Name: InfoTech-RE-FileDL
Group Name: Infra-M-FileDL
Group Name: Infra-RE-FileDL
Group Name: Information Technology-DeptG
Group Name: Infrastructure-DivG
Group Name: Business Systems-DivG
Group Name: Quality Assurance-DivG
Group Name:
The (&(objectCategory=group)(name=)) search filter is invalid.
At :line:3 char:34
+   Remove-QADObject $((Get-QADGroup <<<<  -LdapFilter "(name=$_)").DN) -Force


Expert Comment

by:Chris Dent
ID: 24242989

There's a trailing blank line in the text file that's all. We can test for it in the loop and avoid it in future:

Get-Content "MassDeleteGroup.txt" | %{
  If ($_.Trim() -ne "") { Remove-QADObject $((Get-QADGroup -LdapFilter "(name=$_)").DN) -Force }
}

Added "Trim" to have it pick off any leading or trailing blank spaces, just in case it's a line with a few spaces on it.

Chris

Author Comment

by:brianroma
ID: 24243066
I was dumb--LOL!  I should have looked for blank lines in the .txt file.

When I pull the extra blanks out when I run:

Get-Content "MassDeleteGroup.txt" | %{
  Write-Host "Group Name: $_"
  Remove-QADObject $((Get-QADGroup -LdapFilter "(name=$_)").DN) -Force
}



but when I run

Get-Content "MassDeleteGroup.txt" | %{
  If ($_.Trim() -ne "") { Remove-QADObject $((Get-QADGroup -LdapFilter "(name=$_)").DN) -Force }
}

I see:


The argument cannot be null or empty.
At :line:2 char:42
+   If ($_.Trim() -ne "") { Remove-QADObject <<<<  $((Get-QADGroup -LdapFilter "(name=$_)").DN) -Force }




Thanks for all of your hard work!

B

Author Comment

by:brianroma
ID: 24243082
I meant to say:

When I pull the extra blanks out when I run this, it works:

Get-Content "MassDeleteGroup.txt" | %{
  Write-Host "Group Name: $_"
  Remove-QADObject $((Get-QADGroup -LdapFilter "(name=$_)").DN) -Force
}


Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 24243094

I guess we still need to make sure it's found the group :)

Chris
Get-Content "MassDeleteGroup.txt" | %{
  If ($_.Trim() -ne "") {
    $Group = Get-QADGroup -LdapFilter "(name=$_)"
    If ($Group) { Remove-QADObject $($Group.DN) -Force }
  }
}


Author Closing Comment

by:brianroma
ID: 31574918
Ok, that worked--WHEW!!!

Glad you had your Wheaties this morning!!

We gotta get you caught up to BSonPosh--I am just trying to do my part :-)

Have a good week

Brian

Expert Comment

by:Chris Dent
ID: 24243235

lol thanks :)

Chris

Expert Comment

by:Kenneth Skogstrand
ID: 40368363
How do you manage to get this PS command to run in a specific OU?
Or isn't that so important when you refer to a text file containing the names of the groups?

Best regards,
Kenneth

Expert Comment

by:Chris Dent
ID: 40368528
Configure a search root:

Get-QADGroup -LdapFilter "(name=$_)" -SearchRoot "OU=Somewhere,DC=domain,DC=com"

Chris
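
The checks worked out across this thread (blank-line skip, exact-name filter, found-group test, search root) combined into one script, as an added example that is not code from the thread's participants. It also escapes LDAP filter characters in each name, skips ambiguous matches, and defaults to a -WhatIf dry run; the `-Delete` switch, the `ConvertTo-LdapFilterValue` helper and the default `$SearchRoot` value are assumptions made for illustration.

```powershell
# Added example, not from the thread. Uses only the Quest cmdlets and
# parameters shown above (Get-QADGroup -LdapFilter/-SearchRoot,
# Remove-QADObject -Force/-WhatIf).
param(
    [string]$ListPath   = "MassDeleteGroup.txt",                  # file name used in the thread
    [string]$SearchRoot = "OU=Domain Groups,DC=MUDTEST,DC=com",   # assumed scope (test domain above)
    [switch]$Delete                                               # hypothetical: omit for a dry run
)

# Hypothetical helper: escape the characters that are special inside an LDAP
# filter value (RFC 4515) so a group name containing \ * ( ) or NUL is matched
# literally instead of being read as filter syntax or a wildcard.
function ConvertTo-LdapFilterValue([string]$Value) {
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

Get-Content $ListPath | ForEach-Object {
    $name = $_.Trim()
    if ($name -eq "") { return }   # blank line: would produce the invalid "(name=)" filter

    $filter = "(name=$(ConvertTo-LdapFilterValue $name))"
    # @() forces an array so .Count is reliable for zero, one or many results
    $found = @(Get-QADGroup -LdapFilter $filter -SearchRoot $SearchRoot)

    if ($found.Count -eq 0) {
        Write-Warning "No group found for '$name' under $SearchRoot"
        return
    }
    if ($found.Count -gt 1) {
        Write-Warning "$($found.Count) groups matched '$name'; nothing deleted"
        return
    }

    if ($Delete) {
        Remove-QADObject $found[0].DN -Force
        Write-Output "Deleted: $($found[0].DN)"
    } else {
        # Dry run: reports what would be removed without changing AD
        Remove-QADObject $found[0].DN -WhatIf
    }
}
```

Run it once without `-Delete` and review the -WhatIf output and warnings against the intended list before running it again with `-Delete`.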