Solved

Remove groups from user objects in a specific OU folder in active directory.

Posted on 2015-02-13
3
100 Views
Last Modified: 2015-02-19
I need to create a power shell script that will remove all the groups from a user object, except the Domain User group. I found this sample and made the changes needed to point to the OU folder that will contain the users that need the groups removed from them.

Import-Module activedirectory
$ou = Get‐ADUser ‐SearchBase "OU=Disabled Users,DC=LABDOMAIN,DC=COM" ‐Filter *
foreach ($user in $ou) {
$UserDN = $user.DistinguishedName
Get‐ADGroup ‐LDAPFilter "(member=$UserDN)" | foreach‐object {
if ($_.name -ne "Domain Users") {remove‐adgroupmember ‐identity $_.name ‐member $UserDN ‐Confirm:$False} }
}

When I run the script, I receive the errors below.
Get‐ADUser : The term 'Get‐ADUser' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path
was included, verify that the path is correct and try again.
At C:\Users\Administrator\Desktop\User Object Cleanup.ps1:2 char:7
+ $ou = Get‐ADUser ‐SearchBase "OU=Disabled Users,DC=LABDOMAIN,DC=COM" ‐Filter *
+       ~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Get‐ADUser:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

Any ideas?
0
Comment
Question by:Domenic DiPasquale
  • 2
3 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 40608327
Get‐ADUser : The term 'Get‐ADUser' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path

This is because the activedirectory module did not import before running the script.

You can run get-module and it will display all of the modules that are currently installed on the server.

What you could do is just try typing import-module activedirectory first.

then try your script.

If you are running this from a workstation you will need to have RSAT (remote server admin tools) installed to get access to the AD cmdlets in the module.

Will.
0
 

Author Comment

by:Domenic DiPasquale
ID: 40608336
I found my issue. "-member" was missing an "s" at the end. I have "Import-Module activedirectory" in front of the code, which should enable the use of Get-ADUser. I decided to re-write the code using the PowerShell ISE to make sure the syntax was entered properly.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40608459
Get‐ADUser : The term 'Get‐ADUser' is not recognized as the name of a cmdlet
You get this error message specifically when the module is not imported into the powershell session.

Will.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question