Solved

Remove memberships and permissions from User objects in active directory.

Posted on 2015-02-10
3
45 Views
Last Modified: 2015-02-13
Is it possible in active directory when moving a user object to an organizational unit folder (Ex: Disabled Users), that any distribution or security groups can automatically be removed from the user object?
0
Comment
Question by:Domenic DiPasquale
  • 2
3 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 40601423
To the best of my knowledge this cannot be done automatically. Typically what you would want to do is create a powershell script that removes Groups from all users in a specific OU. You would then create a scheduled task to initiate the script itself which could then be run weekly,daily,hourly etc.

If you need assistance with the powershell side i can assist.

Will.
0
 

Author Comment

by:Domenic DiPasquale
ID: 40605509
Thanks, I'm in the process of looking at a few PS script samples in a test environment that will allow me to remove groups from user objects located in a specific OU folder.
0
 

Author Comment

by:Domenic DiPasquale
ID: 40607984
I found a PS sample that looks like it will do what I need. I've made the changes I needed:
Import-Module activedirectory
$ou = Get‐ADUser ‐SearchBase "OU=Disabled Users,DC=csquaredlab,DC=loc" ‐Filter *
foreach ($user in $ou) {
$UserDN = $user.DistinguishedName
Get‐ADGroup ‐LDAPFilter "(member=$UserDN)" | foreach‐object {
if ($_.name -ne "Domain Users") {remove‐adgroupmember ‐identity $_.name ‐member $UserDN ‐Confirm:$False} }
}

When I run the script, I receive the following error:
The term 'Get‐ADUser' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\Users\Administrator\Desktop\User Object Cleanup.ps1:2 char:17
+ $ou = Get‐ADUser <<<<  ‐SearchBase "OU=Disabled Users,DC=csquaredlab,DC=loc" ‐Filter *
    + CategoryInfo          : ObjectNotFound: (Get‐ADUser:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
 
The term 'Get‐ADGroup' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\Users\Administrator\Desktop\User Object Cleanup.ps1:5 char:12
+ Get‐ADGroup <<<<  ‐LDAPFilter "(member=$UserDN)" | foreach‐object {
    + CategoryInfo          : ObjectNotFound: (Get‐ADGroup:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

OS: Windows Server 2008 R2
Power Shell Version: 2.0
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Companies that have implemented Microsoft’s Active Directory need to ensure that the Active Directory is configured and operating properly. If there are issues found and not resolved, it eventually leads the components to fail or stop working and fi…
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question