Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Remove an AD group from multiple servers

Posted on 2015-02-12
2
Medium Priority
?
271 Views
Last Modified: 2015-02-12
Hi EE

I have the script below that someone here helped me with to nest a Domain group into the Administrators group into multiple machines .. Would it be as easy as changing ".add" to .remove ? I tried it and it worked but I don't want to run it on 100 servers without confirmation from the experts .

$ErrorActionPreference = "Stop"
GC Servers.txt | %{
$Serv = $_
$domain="MyDomain"
$group = "GroupName"
        Try {
        ([adsi]"WinNT://$Serv/Administrators,group").Add("WinNT://$domain/$group,group")
        "" | Select @{N="Server";e={$Serv}},@{N="Status";e={"Success"}}
        }
        Catch{
        "" | Select @{N="Server";e={$Serv}},@{N="Status";e={"Failed"}}
        }
}
0
Comment
Question by:MilesLogan
2 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 2000 total points
ID: 40607038
I have tried this in my lab and it also worked for me. The script looks fine in regards to this as well. Also why are you using a script to add groups to local groups on machines? You can do this very easily via GPO. Create a security group add all of the machines to it and use this group for security filtering on the GPO.

When you want to add or remove a group from this you just remove/add them to the security group in question.

Will.
0
 
LVL 2

Author Closing Comment

by:MilesLogan
ID: 40607132
Thanks for checking Will .. yeah GPO was not an option , too many variables .. it was just a quick temporary fix .
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question