Remove users from AD group

Roger Roger 4,956 Reputation points

Hi All

I have a requirement to remove 300 users from an AD group. I have a CSV file in the below format which contains UserPrincipalNames.


Is the below syntax correct?

Import-Csv c:\temp\input.csv | ForEach-Object {
    # Look up the account whose UPN matches the "upn" column of the current row
    $GetSam = Get-ADUser -Filter "UserPrincipalName -eq '$($_.upn)'"
    if ($GetSam) {
        Remove-ADGroupMember -Identity "group1" -Members $GetSam.SamAccountName -Confirm:$false
    } else {
        Write-Host "$($_.upn) not found in AD"
    }
}

Accepted answer
  1. Rich Matheisen 45,111 Reputation points

    Here's another version of the code submitted by @Thameur-BOURBITA:

    $Group = 'Group1'
    Import-Csv -Path c:\temp\input.csv |
        ForEach-Object {
            $UPN = $_.upn       # needed for "Catch" block
            $SamAccountName = Get-ADUser -Filter "UserPrincipalName -eq '$UPN'" -ErrorAction SilentlyContinue |
                                    Select-Object -ExpandProperty SamAccountName
            if ($SamAccountName) {
                try {
                    Remove-ADGroupMember -Identity $Group -Members $SamAccountName -Confirm:$false -ErrorAction Stop
                    Add-Content -Path c:\temp\_.log -Value "$UPN has been removed successfully from $Group"
                }
                catch {
                    Add-Content -Path c:\temp\_.log -Value "$UPN was not removed from group '$Group' -- ERROR $_"
                }
            }
            else {
                Add-Content -Path c:\temp\_.log -Value "$UPN was not found"
            }
        }
    Add-Content -Path c:\temp\_.log -Value "---END---"

2 additional answers

  1. Thameur-BOURBITA 32,596 Reputation points

    You can use this script; it will generate a log file to track all modifications and errors:

    # Import-Csv (not Get-Content) so that each row exposes the "upn" column as a property
    $users = Import-Csv -Path c:\temp\input.csv -Delimiter ";"
    foreach ($user in $users) {
        $UPN = $user.upn
        try {
            $samaccountname = Get-ADUser -Filter "UserPrincipalName -eq '$UPN'" -ErrorAction Stop | Select-Object -ExpandProperty SamAccountName
            Remove-ADGroupMember -Identity "group1" -Members $samaccountname -Confirm:$false -ErrorAction Stop
            Add-Content -Path "c:\temp\_.log" -Value "$samaccountname has been removed successfully from group1"
        }
        catch {
            Add-Content -Path "c:\temp\_.log" -Value "$UPN ERROR $_"
        }
    }
    Add-Content -Path "c:\temp\_.log" -Value "---END---"

    Please don't forget to mark helpful reply as answer

  2. Limitless Technology 39,416 Reputation points

    Hello RogerRoger

    It looks alright, but usually I am using a simple TXT file as this:

    Import-Module ActiveDirectory
    $Users = Import-Csv "ListOfUsers.csv" -Header users
    ForEach ($User In $Users)
    {
        $Email = $User.users
        # Retrieve the sAMAccountName of the user with the specified email address in the CSV file.
        $SamName = (Get-ADUser -Filter {EmailAddress -eq $Email}).sAMAccountName
        # Make sure there is just one user found.
        Switch ($SamName.Count)
        {
            0 {Write-Host "User with EmailAddress $Email not found"}
            1 {Remove-ADGroupMember -Identity "GroupName" -Members $SamName}
            Default {Write-Host "More than one user found with EmailAddress $Email"}
        }
    }


    --If the reply is helpful, please Upvote and Accept as answer--
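
The scripts in this thread place each CSV value inside a quoted `-Filter` string, which fails to parse when a UPN contains an apostrophe. As an added example (not code from any of the answers), this variant escapes the value for `-LDAPFilter`, requires exactly one matching account, and defaults to a `-WhatIf` dry run so the change can be reviewed in the log before it is applied. The group name and CSV path are the ones used above; `$LogPath`, `$DryRun` and the two helper function names are assumptions.

```powershell
#Requires -Modules ActiveDirectory
# Added example. $Group and $CsvPath come from the thread; $LogPath, $DryRun
# and the helper function names are assumptions made for this example.
$Group   = 'group1'
$CsvPath = 'c:\temp\input.csv'
$LogPath = 'c:\temp\group1-removal.log'
$DryRun  = $true    # set to $false only after reviewing the dry-run log

function ConvertTo-LdapFilterValue {
    # RFC 4515 escaping: the CSV value is matched literally, never as filter syntax.
    # The backslash is replaced first so later escapes are not escaped again.
    param([Parameter(Mandatory)][string]$Value)
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').
           Replace(')', '\29').Replace([string][char]0, '\00')
}

function Write-Log([string]$Message) {
    Add-Content -Path $LogPath -Value ("{0:s} {1}" -f (Get-Date), $Message)
}

# Trim, drop empty rows and de-duplicate before touching the directory.
$upns = Import-Csv -Path $CsvPath | ForEach-Object { "$($_.upn)".Trim() } |
            Where-Object { $_ } | Sort-Object -Unique

foreach ($upn in $upns) {
    # Loose sanity check only: one "@", no whitespace.
    if ($upn -notmatch '^[^@\s]+@[^@\s]+$') {
        Write-Log "SKIPPED  $upn (not UPN-shaped)"; continue
    }
    $ldap  = "(userPrincipalName=$(ConvertTo-LdapFilterValue $upn))"
    $found = @(Get-ADUser -LDAPFilter $ldap)
    if ($found.Count -ne 1) {
        Write-Log "SKIPPED  $upn ($($found.Count) matches)"; continue
    }
    try {
        Remove-ADGroupMember -Identity $Group -Members $found[0] -Confirm:$false `
            -WhatIf:$DryRun -ErrorAction Stop
        $verb = if ($DryRun) { 'DRY-RUN' } else { 'REMOVED' }
        Write-Log "$verb  $upn ($($found[0].SamAccountName))"
    } catch {
        Write-Log "FAILED   $upn : $_"
    }
}
Write-Log "---END--- run by ${env:USERDOMAIN}\${env:USERNAME}"
```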
