Remove users from AD group

Roger Roger 4,956 Reputation points
2022-01-22T08:42:19.113+00:00

Hi All

I have a requirement to remove 300 users from an AD group. I have a CSV file in the format below, which contains UserPrincipalNames:

upn
user1@mydomain.com
user2@mydomain.com

Is the syntax below correct?

Import-Csv c:\temp\input.csv |
    ForEach-Object {
        # Resolve the UPN from the CSV row to an AD user object
        $GetSam = Get-ADUser -Filter "UserPrincipalName -eq '$($_.upn)'"
        if ($GetSam) {
            Remove-ADGroupMember -Identity "group1" -Members $GetSam.SamAccountName -Confirm:$false
        } else {
            Write-Host "$($_.upn) not found in AD"
        }
    }

Accepted answer
  1. Rich Matheisen 45,096 Reputation points
    2022-01-23T16:06:46.563+00:00

    Here's another version of the code submitted by @Thameur-BOURBITA:

    $Group = 'Group1'
    Import-Csv -Path c:\temp\input.csv |
        ForEach-Object {
            $UPN = $_.upn       # needed for "Catch" block
            $samaccountname = Get-ADUser -Filter "UserPrincipalName -eq '$UPN'" -ErrorAction SilentlyContinue |
                                  Select-Object -ExpandProperty SamAccountName
            if ($samaccountname) {
                Try {
                    Remove-ADGroupMember -Identity $Group -Members $samaccountname -Confirm:$false -ErrorAction Stop
                    Add-Content -Path c:\temp\_.log -Value "$UPN has been removed successfully from $Group"
                }
                Catch {
                    Add-Content -Path c:\temp\_.log -Value "$UPN was not removed from group '$Group' -- ERROR $_"
                }
            }
            else {
                Add-Content -Path c:\temp\_.log -Value "$UPN was not found"
            }
        }
    Add-Content -Path c:\temp\_.log -Value "---END---"
    

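A more defensive version of the same job, added here as an example and not taken from any of the answers above: it resolves each UPN, confirms the account is actually a direct member before removing it, escapes the value before it goes into the filter, supports a -WhatIf dry run, and writes a timestamped audit log. The CSV path, group name and log path are placeholders.

```powershell
# Added example (not any poster's script): remove the UPNs listed in a CSV (header "upn")
# from one group, with a -WhatIf dry run, a membership check and an audit log.
# The CSV path, group name and log path below are placeholders.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$CsvPath = 'C:\temp\input.csv',
    [string]$Group   = 'group1',
    [string]$LogPath = 'C:\temp\remove-members.log'
)
Import-Module ActiveDirectory

function Write-Log ([string]$Message) {
    $line = '{0:u} {1}' -f (Get-Date), $Message
    Add-Content -Path $LogPath -Value $line
    Write-Verbose $line
}

# Resolve the group once and index its direct members by DN (reading the
# "member" attribute avoids Get-ADGroupMember's default 5000-object limit).
$adGroup = Get-ADGroup -Identity $Group -Properties member
$members = @{}
foreach ($dn in $adGroup.member) { $members[$dn] = $true }

$summary = @{ Removed = 0; NotMember = 0; NotFound = 0; Ambiguous = 0; Failed = 0 }

foreach ($row in (Import-Csv -Path $CsvPath)) {
    $upn = "$($row.upn)".Trim()
    if (-not $upn) { continue }
    # Double any single quote so a value from the file cannot alter the filter.
    $safeUpn = $upn -replace "'", "''"
    $users = @(Get-ADUser -Filter "UserPrincipalName -eq '$safeUpn'")
    if ($users.Count -eq 0) { Write-Log "NOTFOUND  $upn";  $summary.NotFound++;  continue }
    if ($users.Count -gt 1) { Write-Log "AMBIGUOUS $upn";  $summary.Ambiguous++; continue }
    $user = $users[0]
    if (-not $members.ContainsKey($user.DistinguishedName)) {
        Write-Log "NOTMEMBER $upn ($($user.SamAccountName))"; $summary.NotMember++; continue
    }
    # -WhatIf on the script turns this into a report without touching the group.
    if ($PSCmdlet.ShouldProcess("$upn ($($user.SamAccountName))", "Remove from $($adGroup.Name)")) {
        try {
            Remove-ADGroupMember -Identity $adGroup -Members $user -Confirm:$false -ErrorAction Stop
            Write-Log "REMOVED   $upn ($($user.SamAccountName))"; $summary.Removed++
        } catch {
            Write-Log "FAILED    $upn -- $_"; $summary.Failed++
        }
    }
}
$counts = $summary.GetEnumerator() | Sort-Object Name | ForEach-Object { "$($_.Name)=$($_.Value)" }
Write-Log ("SUMMARY " + ($counts -join ' '))
```

Run it once with -WhatIf -Verbose to review what would change, then again without -WhatIf. Users who belong only through a nested group are logged as NOTMEMBER, since only direct membership can be removed this way.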
2 additional answers

  1. Thameur-BOURBITA 32,586 Reputation points
    2022-01-22T14:00:08.013+00:00

    Hi,
    You can use this script; it will generate a log file to track all modifications and errors:

    # Import-Csv (not Get-Content) gives each row a "upn" property; the delimiter is harmless for a single-column file
    $users = Import-Csv -Path c:\temp\input.csv -Delimiter ";"

    foreach ($user in $users)
    {
        $UPN = $user.upn
        try
        {
            # The filter must be double-quoted so $UPN is expanded before it is sent to AD
            $samaccountname = Get-ADUser -Filter "UserPrincipalName -eq '$UPN'" -ErrorAction Stop | Select-Object -ExpandProperty SamAccountName
            # A UPN with no match leaves $samaccountname empty; Remove-ADGroupMember then throws and the catch block logs it
            Remove-ADGroupMember -Identity "group1" -Members $samaccountname -Confirm:$false -ErrorAction Stop

            Add-Content -Path "c:\temp\_.log" -Value "$samaccountname has been removed successfully from group1"
        }
        catch
        {
            Add-Content -Path "c:\temp\_.log" -Value "$UPN ERROR $_"
        }
    }

    Add-Content -Path "c:\temp\_.log" -Value "---END---"
    

    Please don't forget to mark the helpful reply as answer


  2. Limitless Technology 39,391 Reputation points
    2022-01-24T15:23:13.627+00:00

    Hello RogerRoger

    It looks alright, but usually I use a simple TXT file like this:

    Import-Module ActiveDirectory
    # Headerless list, one address per line; -Header names the single column "users"
    $Users = Import-Csv "ListOfUsers.csv" -Header users
    ForEach ($User In $Users)
    {
        $Email = $User.users
        # Retrieve the sAMAccountName of the user with the specified email address in the CSV file.
        $SamName = (Get-ADUser -Filter {EmailAddress -eq $Email}).sAMAccountName
        # Make sure there is just one user found.
        Switch ($SamName.Count)
        {
            0       {Write-Host "User with EmailAddress $Email not found"}
            # Add -Confirm:$false here to avoid a confirmation prompt for every user
            1       {Remove-ADGroupMember -Identity "GroupName" -Members $SamName}
            Default {Write-Host "More than one user found with EmailAddress $Email"}
        }
    }

    Reference: https://social.technet.microsoft.com/Forums/en-US/f6b705b9-ed47-4412-beaf-9ff7d8ed8b65/removing-list-of-users-from-ad-group?forum=winserverDS


    --If the reply is helpful, please Upvote and Accept as answer--
