PowerShell : Remove all group memberships of every user in an OU

Posted on 2012-08-27
Last Modified: 2012-08-28
I'd like to have a powershell script that I can give a base OU and have the script walk through every user in that OU and remove the every group from each member in that OU. The end result would be that I would have an OU full of users which are a part of no security groups. Thank you in advance!

Question by:ssd-tech
    LVL 37

    Accepted Solution


    You need the free Quest cmdlets to run this script. This script will removed membership in all groups, including distribution groups. It is a little more complicated to exclude distribution groups but if you need to do that I can modify the script. You need to enter the OU in the format: 'OU=users,DC=domain,DC=com'

    $OU = Read-Host "Enter OU:"
    $Users = Get-QADUser -SizeLimit 0 -SearchRoot $OU
    foreach ($user in $Users) {
    	Remove-QADMemberOf -Identity $user.dn -RemoveAll

    Open in new window


    Author Closing Comment

    This was EXACTLY what I was looking for. Thank you!


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
    This is a PowerShell web interface I use to manage some task as a network administrator. Clicking an action button on the left frame will display a form in the middle frame to input some data in textboxes, process this data in PowerShell and display…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now