Script to remove groups/users from Local Administrators group

Hello,
Could you please help me with a script that would read an Excel file with two columns - computername,username - and then remove the groups/users from the Local Administrators group on each computer?

For example

computername,username
server01,sourcedomain\groupname

So, the script would read the Excel file and remove the groups/users listed in the username column from the Local Administrators group.
creative555 Asked:

arnold Commented:
Do you have the script with which you would like help?

Are these domain based systems?  Any script would require that all the Computers have access/rights for the user with whose credentials the script will be running.

Whether it is VB, powershell or wmi.

Using GPO and restricted groups is the best way to manage the membership of the Administrators group, while it also can be used to auto-add certain user to specified groups.
Subash Sundharan, IT Infrastructure Architect, Commented:
Check this code and see if it works as expected.
Import-Csv C:\input.csv | %{
    #Name of local group to remove user or group from
    $localGroup = 'Administrators'
    $user = $_.username
    $computer = $_.computername
    #Remove user or group from Local group
    ([ADSI]"WinNT://$computer/$localGroup,group").remove("WinNT://$user")
}

creative555 (Author) Commented:
Thank you so much. I am getting this error though:

Exception calling "remove" with "1" argument(s): "The trust relationship between the primary domain and the trusted
ain failed.

Subash Sundharan, IT Infrastructure Architect, Commented:
Are you able to manually remove the group membership of user/group? If yes.. are you using the same account to run the script?
creative555 (Author) Commented:
Forgot to mention, the groups and users to remove would be domain groups. For example, in this format on the spreadsheet:

username:
SOURCEDOMAIN\WindowsSecurityGRoup
SourceDOmain\JohnDoe
creative555 (Author) Commented:
Yep. I am using the same account to run the script and I have no issues removing groups manually with that account. Still getting this error:
 
PS C:\migprep> .\Remove-LocalAdministrators.ps1
Exception calling "remove" with "1" argument(s): "The trust relationship between the primary domain and the tru
ain failed.
"
At C:\migprep\Remove-LocalAdministrators.ps1:7 char:54
+ ([ADSI]"WinNT://$computer/$localGroup,group").remove <<<< ("WinNT://$user")
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvokeTI
Subash Sundharan, IT Infrastructure Architect, Commented:
OK, replace line 4 with the following.
$user = $_.username -replace "\\","/"

creative555 (Author) Commented:
Hi,
This script actually works, but how do I modify it to read computers and domain usernames from an input file with computername and username?

computername,username
 server01,sourcedomain\groupname


cls
# Prompt for the domain, target computer and account to remove
$strDomain = Read-Host "Enter Domain"
$strComputer = Read-Host "Enter System Name"
$strUser = Read-Host "Enter Username"
$computer = [ADSI]("WinNT://" + $strComputer + ",computer")
$group = $computer.psbase.children.find("Administrators")
$group.Name

# List the current members of the local Administrators group
function ListAdministrators
{
    $members = $group.psbase.invoke("Members") | %{$_.GetType().InvokeMember("Name",'GetProperty',$null,$_,$null)}
    $members
}
$group.Remove("WinNT://" + $strDomain + "/" + $strUser)
ListAdministrators
Subash Sundharan, IT Infrastructure Architect, Commented:
Did you try the suggested change in my code?
creative555 (Author) Commented:
It is working with the change below. Thank you so much!!!!
$user = $_.username -replace "\\","/"
creative555 (Author) Commented:
Excellent! Thank you very much!
Subash Sundharan, IT Infrastructure Architect, Commented:
You are welcome!
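
The accepted fix folded into one script, as an added example that is not code posted by anyone in the thread: it checks current membership before removing, supports -WhatIf, and returns one result record per CSV row. It assumes the thread's C:\input.csv with a computername,username header and domain accounts in DOMAIN\name form; the parameter names and Status values are hypothetical.

```powershell
# Added example, not from the thread. Assumes domain accounts (DOMAIN\name);
# local accounts use a different ADsPath shape and are not handled here.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$Path = 'C:\input.csv',          # input file used in the thread
    [string]$LocalGroup = 'Administrators'   # hypothetical parameter name
)

Import-Csv -Path $Path | ForEach-Object {
    $computer = $_.computername.Trim()
    $account  = $_.username.Trim()
    # The WinNT provider wants DOMAIN/name; DOMAIN\name is the form that
    # raised the trust-relationship error in the thread.
    $memberPath = 'WinNT://' + ($account -replace '\\', '/')
    $status = 'Removed'
    try {
        $group = [ADSI]"WinNT://$computer/$LocalGroup,group"
        # Current members as ADsPath strings, e.g. WinNT://DOMAIN/name
        $current = @($group.psbase.Invoke('Members') | ForEach-Object {
            $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
        })
        if ($current -notcontains $memberPath) {
            # Nothing to do; avoids an exception for rows already cleaned up
            $status = 'NotMember'
        }
        elseif ($PSCmdlet.ShouldProcess("$computer\$LocalGroup", "Remove $account")) {
            $group.Remove($memberPath)
        }
        else {
            $status = 'Skipped'   # -WhatIf, or the confirmation was declined
        }
    }
    catch {
        # Unreachable host, access denied, etc.: record it and keep going
        $status = "Failed: $($_.Exception.Message)"
    }
    # One record per CSV row so the run can be reviewed or exported
    New-Object PSObject -Property @{
        Computer = $computer
        Account  = $account
        Status   = $status
    }
}
```

Running it with -WhatIf first shows which rows would change without touching any group, and piping the output to Export-Csv keeps a record of what was removed from which machine.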