Remove users from AD group

Roger Roger 4,956 Reputation points
2022-01-22T08:42:19.113+00:00

Hi All

I have a requirement to remove 300 users from an AD group, i have csv file in the below format which contains Userprincipalnames

upn
user1@mydomain.com
user2@mydomain.com

is the below syntax correct.

import-csv c:\temp\input.csv |
Foreach-Object{
$GetSam = Get-ADUser -Filter "UserPrincipalName -eq '$($_.upn)'"
if ($GetSam){
Remove-ADGroupMember -Identity "group1" -Members $GetSam.SamAccountName -confirm:$false
} else {
Write-Host "$($_.upn) not found in AD"
}
}
Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,494 questions
Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,395 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,966 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,401 questions
0 comments No comments
{count} votes

Accepted answer
  1. Rich Matheisen 45,111 Reputation points
    2022-01-23T16:06:46.563+00:00

    Here's another version of the code submitted by @Thameur-BOURBITA :

    $Group = 'Group1'  
    Import-Csv -path c:\temp\input.csv |  
        ForEach-Object{  
            $UPN = $_.upn       # needed for "Catch" block  
            $samaccountname = Get-ADUser -Filter "UserPrincipalName -eq '$UPN'" -Erroraction SilentlyContinue |   
                                    Select-Object –ExpandProperty Samaccountname  
            if ($samaccount){  
                Try{  
                    Remove-ADGroupMember -Identity $Group1 -Members $SamAccountName -confirm:$false -Erroraction stop  
                    Add-content -path c:\temp\_.log -value "$UPN has been removed successfully from $Group"  
                }  
                Catch{  
                    Add-content -path c:\temp\_.log -value "$UPN was not removed from group '$Group' -- ERROR $_"  
                }  
            }  
            else{  
                Add-content -path c:\temp\_.log -value "$UPN was not found"                 
            }  
        }  
    Add-content -path c:\temp\_.log -value "---END---"  
    

2 additional answers

Sort by: Most helpful
  1. Thameur-BOURBITA 32,596 Reputation points
    2022-01-22T14:00:08.013+00:00

    Hi,
    You can use this script , it will generate a log file to track all modifications and errors :

    $users = get-content -path c:\temp\input.csv -Delimiter ";"
    
    foreach($user -in $users)
    {
    
    $UPN = $user.upn
    try
    {
    $samaccountname = get-aduser -Filter 'UserPrincipaleName -eq "$UPN" ' -Erroraction stop | select –ExpandProperty Samaccountname
    Remove-ADGroupMember -Identity "group1" -Members $SamAccountName -confirm:$false -Erroraction stop
    
    Add-content -path "c:\temp\_.log" -value "$samaccountname has been removed successfully from group1"
    }
    
    catch
    {
    
    Add-content -path "c:\temp\_.log" -value "$UPN ERROR $_"
    }
    
    }
    
    Add-content -path "c:\temp\_.log" -value "---END---"
    

    Please don't forget to mark heplfull reply as answer


  2. Limitless Technology 39,416 Reputation points
    2022-01-24T15:23:13.627+00:00

    Hello RogerRoger

    It looks alright, but usually I am using a simple TXT file as this:

    Import-Module Activedirectory
    $Users = Import-Csv "ListOfUsers.csv" -Header users
    ForEach ($User In $Users)
    {
    $Email = $User.users
    # Retrieve the sAMAccountName of the user with the specified email address in the CSV file.
    $SamName = (Get-ADUser -Filter {EmailAddress -eq $Email}).sAMAccountName
    # Make sure there is just one user found.
    Switch ($SamName.Count)
    {
    0 {Write-Host "User with EmailAddress $Email not found"}
    1 {Remove-ADGroupMember -Identity "GroupName" -Members $SamName}
    Default {Write-Host "More than one user found with EmailAddress $Email"}
    }
    }

    Reference: https://social.technet.microsoft.com/Forums/en-US/f6b705b9-ed47-4412-beaf-9ff7d8ed8b65/removing-list-of-users-from-ad-group?forum=winserverDS


    --If the reply is helpful, please Upvote and Accept as answer--

    0 comments No comments