Solved

Remove old SIDS from multiple AD groups with powershell

Posted on 2016-09-28
2
32 Views
Last Modified: 2016-09-29
Hi EE

I have a list of old SIDS I need to remove from groups but instead of doing one at a time , I wanted to add all the SIDS and groups
to a CSV file and remove them faster ...

I was thinking something like this ... but I need help completing it or if someone already has this .

$sids = import-csv .\RemoveSIDS.csv
Foreach ($sid in $sids) {Set-ADGroup $sids -remove @{SIDHistory=$sid.value} }


What would my CSV file headers be ? how do I reference that in the script ?
one column would have the SID and the other column would be the group name that it needs to remove the SID from .

this does one at a time .
Set-ADGroup <Groupname> -remove @{sidhistory="S-1-5-21-xxxxxxxxx-xxxxxxxxx-xxxxxxxxxx-xxxx"}
0
Comment
Question by:MilesLogan
2 Comments
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 41820799
Try...
Import-csv c:\input.csv | % {Set-ADGroup $_.Group -remove @{sidhistory=$_.Sid}}

Open in new window

Csv format
Group,Sid
GroupA,S-1-5-21-xxxxxxxxx-xxxxxxxxx-xxxxxxxxxx-xxxx
GroupB,S-1-5-21-xxxxxxxxx-xxxxxxxxx-xxxxxxxxxx-xxxx

Open in new window

0
 
LVL 2

Author Closing Comment

by:MilesLogan
ID: 41822790
perfect !
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Microsoft Windows Server Update Service (WSUS) is free for everyone, but it lacks of some desirable features like send an e-mail to the administrator with the status of all computers on the WSUS server. This article is based on my PowerShell script …
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now