Specific User's member of Groups removal PowerShell Script

Sathishkumar Singh 486 Reputation points
2023-05-29T09:35:31.2666667+00:00

Hello Team

I have created an AD user creation automation script. It is working fine with adding member of groups.

Now I am looking for user exit formalities. When I run the script for a list of users or specific users from CSV, without specifying member of groups to be removed.

Can you please advise.

Windows Server

Accepted answer
  1. Khaled Elsayed Mohamed 1,255 Reputation points
    2023-05-30T09:03:52.74+00:00

    Hi Sathishkumar Singh

    If you want to handle user exit formalities, such as removing users from groups, as part of your AD user creation automation script, you can implement a conditional check to handle scenarios where no groups are specified for removal. Here's a general approach you can follow:

    1. Read the user information from the CSV file or any other data source.
    2. Check if any groups are specified for removal for each user.
    3. If groups are specified, proceed with removing the user from those groups.
    4. If no groups are specified for removal, skip the removal step and continue with other tasks or exit formalities.
    5. Continue with any remaining steps of your user creation script or perform any other necessary exit formalities (e.g., disabling the user account, updating attributes, etc.).

    Here's an example implementation using PowerShell:

    # Read user information from CSV or any other data source
    Import-Module ActiveDirectory
    $users = Import-Csv -Path "UserInformation.csv"

    # Iterate through each user
    foreach ($user in $users) {
        # Check if groups are specified for removal
        if ($user.GroupsToRemove) {
            # Assuming groups are separated by semicolon (;) in the CSV;
            # trim whitespace and drop empty entries such as a trailing ';'
            $groupsToRemove = $user.GroupsToRemove -split ';' |
                ForEach-Object { $_.Trim() } | Where-Object { $_ }

            # Remove user from each group specified
            foreach ($group in $groupsToRemove) {
                Remove-ADGroupMember -Identity $group -Members $user.SamAccountName -Confirm:$false
            }
        }

        # Continue with other exit formalities or remaining tasks
        # ...
    }

    In this example, the script assumes that the CSV file contains a column named "GroupsToRemove" that specifies the groups to remove the user from, separated by semicolons (;). If no groups are specified for removal, the removal step is skipped, and the script moves on to other exit formalities or remaining tasks.

    You can customize this script according to your specific CSV format and requirements. Make sure to adjust the column names and input parameters to match your CSV file structure.

    Remember to test the script thoroughly in a non-production environment before applying it to your production AD environment to ensure it meets your requirements and functions as expected.

    1 person found this answer helpful.

4 additional answers

  1. Khaled Elsayed Mohamed 1,255 Reputation points
    2023-05-31T07:40:24.1566667+00:00

    Hi Sathishkumar Singh

    If I understand correctly, you want to remove a specific user from all groups they are a member of. You would like to provide the username either through a CSV file or by manually entering it when running the script. Here's a PowerShell script that allows you to accomplish this:

    Import-Module ActiveDirectory

    # Path to a CSV file with a "Username" header; leave empty to be prompted
    $csvFilePath = ""

    if (-not $csvFilePath) {
        # Prompt for the username if not using a CSV file
        $usernames = @(Read-Host "Enter the username")
    } else {
        # Read the username(s) from the CSV file
        $usernames = @((Import-Csv -Path $csvFilePath).Username)
    }

    foreach ($username in $usernames) {
        # Get the groups the user is a member of
        # (MemberOf does not include the user's primary group)
        $userGroups = Get-ADUser -Identity $username -Properties MemberOf | Select-Object -ExpandProperty MemberOf

        # Remove the user from each group
        foreach ($group in $userGroups) {
            Remove-ADGroupMember -Identity $group -Members $username -Confirm:$false
        }

        Write-Host "User '$username' has been removed from all groups."
    }

    This script uses the Active Directory module (requires the RSAT tools) to manage group membership. If you haven't already, you'll need to install the Active Directory module for PowerShell.

    To use the script:

    1. Save the script as a .ps1 file (e.g., RemoveUserFromGroups.ps1).

    2. If you have a CSV file containing the username(s), ensure the file has a header named "Username" and specify the file path in the $csvFilePath variable at the beginning of the script. For example:

        $csvFilePath = "C:\Path\To\Users.csv"

       If you don't have a CSV file and want to manually enter the username when running the script, leave the $csvFilePath variable empty.

    3. Open a PowerShell session with administrative privileges.

    4. Navigate to the directory where you saved the script.

    5. Run the script:

        .\RemoveUserFromGroups.ps1

    The script will prompt for the username if a CSV file is not used. It will then retrieve the groups the user is a member of and remove the user from each group. Finally, it will display a message indicating that the user has been removed from all groups.


  2. Khaled Elsayed Mohamed 1,255 Reputation points
    2023-06-04T09:41:21.3833333+00:00

    I will try as much as possible to answer your questions during my rest time from work.


  3. Khaled Elsayed Mohamed 1,255 Reputation points
    2023-06-04T09:52:20.1266667+00:00

    Would you mind please rephrasing your last request in points?

    If you want to collect everything you want at once in several points, it will be better.


  4. Khaled Elsayed Mohamed 1,255 Reputation points
    2023-06-07T11:17:56.9833333+00:00

    Hi Sathishkumar Singh

    script that exports the removed groups to an HTML file and sends it as an email. Make sure to fill in the necessary details for the SMTP server and email recipients.

    Write-Host "User '$username' has been removed from all groups. The report has been exported and emailed." 
    

    Make sure to replace 'C:\Path\To\Export.html' with the desired file path for exporting the HTML report. Also, update the SMTP server details, sender, recipient, subject, and body variables to match your environment.

    This script will export the removed groups to an HTML file with columns for "Removed User Name," "Removed By Whom," and "Removed Group." It will then send an email with the exported HTML file as an attachment.

    Note: Ensure that you have the necessary permissions and access to execute the required operations, such as removing users from groups and sending emails.

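The flow described in the last answer (remove the user from their groups, export an HTML report, email it), written out as an added example that is not the answer author's script. It uses the three report columns named there plus a Status and a timestamp column, which are additions; `jdoe`, the SMTP server and the mail addresses are placeholders.

```powershell
# Added example, not the answer's script. $username, the SMTP server and the
# mail addresses are placeholders to replace with values for your environment.
Import-Module ActiveDirectory

$username   = 'jdoe'                        # placeholder sAMAccountName
$reportPath = 'C:\Path\To\Export.html'      # report path named in the answer
$removedBy  = "$env:USERDOMAIN\$env:USERNAME"

# MemberOf lists direct memberships only; the primary group is not included.
$user = Get-ADUser -Identity $username -Properties MemberOf

$rows = foreach ($groupDn in $user.MemberOf) {
    try {
        # -ErrorAction Stop turns a failed removal into a catchable error
        Remove-ADGroupMember -Identity $groupDn -Members $user -Confirm:$false -ErrorAction Stop
        $status = 'Removed'
    } catch {
        $status = "Failed: $($_.Exception.Message)"
    }
    [pscustomobject]@{
        'Removed User Name' = $user.SamAccountName
        'Removed By Whom'   = $removedBy
        'Removed Group'     = $groupDn
        'Status'            = $status
        'Time (UTC)'        = (Get-Date).ToUniversalTime().ToString('u')
    }
}

if (-not $rows) {
    Write-Host "User '$username' has no group memberships to remove."
    return
}

# Write the report; it also serves as the record needed to restore access.
$rows | ConvertTo-Html -Title "Group removals for $username" |
    Set-Content -Path $reportPath -Encoding UTF8

$mail = @{
    SmtpServer  = 'smtp.example.com'            # placeholder
    From        = 'ad-offboarding@example.com'  # placeholder
    To          = 'it-security@example.com'     # placeholder
    Subject     = "Group removals for $username"
    Body        = 'The attached report lists each group removal and its result.'
    Attachments = $reportPath
}
Send-MailMessage @mail

Write-Host "User '$username' processed. The report has been exported and emailed."
```

Because each row is written whether the removal succeeded or failed, the report shows which memberships still need attention and which ones to restore if the offboarding is reversed.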