Bulk remove Computers from AD Groups
Posted on 2012-09-14
We are are facing trouble performing bulk removal of computers from multile AD groups.
For several weeks we have been using the DSMOD GROUP command to remove the computers in a batch file, this works well but the script takes hours to perform the removals.
We have thousands of machines which we need to remove from hundreds of groups, we use the below command for each group/machine in a batch file:
DSMOD GROUP "CN=abcgrp,OU=abcOU,DC=abcinc,DC=com" -RMMBR "CN=Comp1XXX,OU=Computers,DC=abcinc,DC=com"
DSMOD GROUP "CN=xyzgrp,OU=abcOU,DC=abcinc,DC=com" -RMMBR "CN=Comp2ABC,OU=Computers,DC=abcinc,DC=com"
Our batch file has several hundred lines of commands similar to the above and this obviously takes hours to finish.
Is there any better way to perform the removals in bulk and fairly very quickly?
Like we have list of groups in a file and device list in other file, loop through each group and remove the devices listed in the other file? Will this approach works faster?
Appreciate if someone can post a Batch script to achieve the above as we are really struggling with this and we end up staying hours in office to check if the removals have completed based on which we proceed to perform other activities.