Solved

Remove an AD group from multiple servers

Posted on 2015-02-12
2
254 Views
Last Modified: 2015-02-12
Hi EE

I have the script below that someone here helped me with to nest a Domain group into the Administrators group into multiple machines .. Would it be as easy as changing ".add" to .remove ? I tried it and it worked but I don't want to run it on 100 servers without confirmation from the experts .

$ErrorActionPreference = "Stop"
GC Servers.txt | %{
$Serv = $_
$domain="MyDomain"
$group = "GroupName"
        Try {
        ([adsi]"WinNT://$Serv/Administrators,group").Add("WinNT://$domain/$group,group")
        "" | Select @{N="Server";e={$Serv}},@{N="Status";e={"Success"}}
        }
        Catch{
        "" | Select @{N="Server";e={$Serv}},@{N="Status";e={"Failed"}}
        }
}
0
Comment
Question by:MilesLogan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 40607038
I have tried this in my lab and it also worked for me. The script looks fine in regards to this as well. Also why are you using a script to add groups to local groups on machines? You can do this very easily via GPO. Create a security group add all of the machines to it and use this group for security filtering on the GPO.

When you want to add or remove a group from this you just remove/add them to the security group in question.

Will.
0
 
LVL 2

Author Closing Comment

by:MilesLogan
ID: 40607132
Thanks for checking Will .. yeah GPO was not an option , too many variables .. it was just a quick temporary fix .
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

My attempt to use PowerShell and other great resources found online to simplify the deployment of Office 365 ProPlus client components to any workstation that needs it, regardless of existing Office components that may be needing attention.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question