• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 28
  • Last Modified:

how to delete membership from a user when groups are in a different domain ?

My goal :  how to remove membership of groups from a domain from people that are in an other domain ?

I have two domains AAA and BBB.
for this case  i'm only using users from AAA : user@AAA

I have groups in both domains.
grp_aaa01, grp_aaa02
grp_bbb01, brp_bbb02


people from domain AAA are member of groups of domain BBB.

what would be the command in order to be able to delete groups of domain  BBB for users in domain AAA.
So far my command is trying to look to user in domaine BBB even when i'm giving the UPN.

example:
Remove-ADGroupMember -identity grp_bbb01 -Member user@AAA -server BBB -Confirm:$false 

Open in new window


^  this is throwing an error :  can not find an object with identity user@AAA under domain BBB , objectNotFound ....

how can i do this ?
thank you in advance.
0
Erwin Pombett
Asked:
Erwin Pombett
1 Solution
 
Omar SoudaniSystem Support EngineerCommented:
Remove-ADGroupMember will try to resolve the identity  from BBB domain only that's why you're getting the error. You need to get cross-forest/domain object using the ADPowershell cmdlets and then supply it as input to –Members or –MemberOf parameter of the cmdlets. Here for more clarifications and step by step guide:

https://blogs.msdn.microsoft.com/adpowershell/2010/01/20/addingremoving-members-from-another-forest-or-domain-to-groups-in-active-directory/
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now