PowerShell – Remove Members from AD Groups in Bulk
Now there are several ways that you can remove members from a group. The simplest of all is by using Remove-ADGroupMember.
Let us see the examples associated with this cmdlet.
Get-Help Remove-ADGroupMember -Examples
As you can see in the examples, we need to know which members are part of the group in order to remove them from it. This is fine if you are performing the activity on a couple of groups: we can do so from the GUI or using PowerShell, and it wouldn’t take much time.
If I had to perform the same on, say, 500 groups, it would be impossible for me to know which member is part of which group and, to be frank, I don’t know how to perform this using Remove-ADGroupMember.
I would recommend using this cmdlet only if you have to remove Members whose list is readily available along with the group details.
So I went a step ahead to find out if there was any other cmdlet that would help us achieve this in bulk and that’s when I came across the Remove-ADPrincipalGroupMembership cmdlet. This is going to be perfect for our needs right now.
So let us take a look at the final script and how we are going to remove members from AD groups in bulk.
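# Read the group names, one per line
$Groups = Get-Content C:\Groups.txt
foreach ($Group in $Groups) {
    # List every member of the group and remove each one from it without prompting
    Get-ADGroupMember -Identity $Group | Remove-ADPrincipalGroupMembership -MemberOf $Group -Confirm:$false
}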
First of all, we are going to write down all the groups in a text file called Groups.txt with one group per line.
Then, using a foreach loop, we are going to use Get-ADGroupMember to list all the members of the group and pipe them to the Remove-ADPrincipalGroupMembership cmdlet.
Also notice that we are using the -Confirm parameter and setting it to $false. We do this because otherwise the cmdlet would ask us to confirm the removal for each user.
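Because -Confirm:$false removes every member with no prompt, it helps to record the membership first and to be able to do a dry run. The following is an added example, not part of the original script: the function name Remove-AllMembersFromGroups and the backup path C:\GroupMembers-Backup.csv are assumptions chosen for illustration.

```powershell
# Added example, not the original author's script.
# Assumptions: the function name and the backup CSV path are illustrative.
Import-Module ActiveDirectory

function Remove-AllMembersFromGroups {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$GroupListPath = 'C:\Groups.txt',
        [string]$BackupCsvPath = 'C:\GroupMembers-Backup.csv'
    )

    # Skip blank lines and stray whitespace in the list.
    $groups = Get-Content -Path $GroupListPath |
        ForEach-Object { $_.Trim() } | Where-Object { $_ }

    foreach ($group in $groups) {
        try {
            # -ErrorAction Stop turns a missing or misspelled group into a catchable error.
            $members = @(Get-ADGroupMember -Identity $group -ErrorAction Stop)
        }
        catch {
            Write-Warning "Skipping '$group': $($_.Exception.Message)"
            continue
        }

        # Record who was in the group before touching it. -WhatIf:$false makes
        # sure the snapshot is written even during a dry run.
        $members |
            Select-Object @{ n = 'Group'; e = { $group } },
                SamAccountName, objectClass, distinguishedName |
            Export-Csv -Path $BackupCsvPath -Append -NoTypeInformation -WhatIf:$false

        foreach ($member in $members) {
            # With -WhatIf this only prints the planned removal.
            if ($PSCmdlet.ShouldProcess($member.distinguishedName, "Remove from $group")) {
                Remove-ADPrincipalGroupMembership -Identity $member -MemberOf $group -Confirm:$false
            }
        }
    }
}

# Dry run: lists what would be removed and writes the snapshot, changes nothing in AD.
Remove-AllMembersFromGroups -WhatIf
```

Run the function without -WhatIf to perform the removal. The CSV then serves as the record of who was in each group and as the input for re-adding members if a group was emptied by mistake.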
I hope this was informative and thank you for reading!