remove user security groups from user profile

Hi All ,

I am running windows server 2008 R2 and exchange 2010 . I have a list of users in excel  who I need to remove all Security Groups except Domain user and move them to disable OU ,

is that possible to provide me with script in PS to do that please

RabihhajIT HelpDeskAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
Yes you can do this via powershell. See below command...
Import-Module activedirectory
TargetOU = "disabledAccounts,dc=domain,dc=com"
$FindGroups = get-content "c:\filename.txt" | Get-ADPrincipalGroupMembership
ForEach ($user in $FindGroups) {
Remove-ADPrincipalGroupMembership -Identity $user -MemberOf $FindGroups
Move-ADObject -Identity $user -TargetPath $TargetOU

Open in new window

Put your users in a text file specifically for this script.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
RabihhajIT HelpDeskAuthor Commented:
I posted a request are you able to assist
Distribution list user’s details in active directory
Will SzymkowskiSenior Solution ArchitectCommented:
I am sorry i do not follow. You have another question?

Did the above script work for you?

Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

RabihhajIT HelpDeskAuthor Commented:
I will test it on Wednesday.

In the text file what attributes I can put in and how it look like.

I might add in the text file email address or user id. Do I have to mention in the first line an attribute.

Please advise.
Will SzymkowskiSenior Solution ArchitectCommented:
You can use the sAMAccountName or the DN (DistinguishedName). Each entry in the txt file needs to be on a separate line.

RabihhajIT HelpDeskAuthor Commented:
Great answer
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.