Solved

Remove old SIDS from multiple AD groups with powershell

Posted on 2016-09-28
2
73 Views
Last Modified: 2016-09-29
Hi EE

I have a list of old SIDS I need to remove from groups but instead of doing one at a time , I wanted to add all the SIDS and groups
to a CSV file and remove them faster ...

I was thinking something like this ... but I need help completing it or if someone already has this .

$sids = import-csv .\RemoveSIDS.csv
Foreach ($sid in $sids) {Set-ADGroup $sids -remove @{SIDHistory=$sid.value} }


What would my CSV file headers be ? how do I reference that in the script ?
one column would have the SID and the other column would be the group name that it needs to remove the SID from .

this does one at a time .
Set-ADGroup <Groupname> -remove @{sidhistory="S-1-5-21-xxxxxxxxx-xxxxxxxxx-xxxxxxxxxx-xxxx"}
0
Comment
Question by:MilesLogan
2 Comments
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 41820799
Try...
Import-csv c:\input.csv | % {Set-ADGroup $_.Group -remove @{sidhistory=$_.Sid}}

Open in new window

Csv format
Group,Sid
GroupA,S-1-5-21-xxxxxxxxx-xxxxxxxxx-xxxxxxxxxx-xxxx
GroupB,S-1-5-21-xxxxxxxxx-xxxxxxxxx-xxxxxxxxxx-xxxx

Open in new window

0
 
LVL 2

Author Closing Comment

by:MilesLogan
ID: 41822790
perfect !
0

Featured Post

Active Directory Webinar

We all know we need to protect and secure our privileges, but where to start? Join Experts Exchange and ManageEngine on Tuesday, April 11, 2017 10:00 AM PDT to learn how to track and secure privileged users in Active Directory.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question