Remove-QADGroupMember
From PowerGUI Wiki
Remove one or more members from a group in Active Directory. Supported are both Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS).
Contents |
Syntax
Remove-QADGroupMember [-Identity] <IdentityParameter> [-Member] <IdentityParameter[]> [-Proxy] [-Service <String>] [-ConnectionAccount <String>] [-ConnectionPassword <SecureString>] [-Credential <PSCredential>] [-Connection <ArsConnection>] [-UseGlobalCatalog] [-WhatIf] [-Confirm] [<CommonParameters>]
Detailed Description
Use this cmdlet to remove members from a group in Active Directory. You can specify a list of objects to remove, separating the list items by commas.
The cmdlet has optional parameters that determine the server and the security context for the operation. Normally, the connection parameters could be omitted so far as a connection to a server is established prior to using the cmdlet. In this case, the server and the security context are determined by the Connect-QADService cmdlet.
If you do not use Connect-QADService and have no connection established prior to using a cmdlet, then the connection settings, including the server and the security context, are determined by the connection parameters of the first cmdlet you use. Subsequent cmdlets will use those settings by default.
Related Commands
Parameters
| Name | Description | Required? | Pipeline Input | Default Value |
|---|---|---|---|---|
| Identity | Specify the DN, SID, GUID, or Domain\Name of the group from which you want to remove members.
This parameter is optional since you can pipe into this cmdlet the object returned by the Get-QADGroup cmdlet, to have that object identify the group to act upon. | true | true (ByValue) | |
| Member | Specify a list of objects you want this cmdlet to remove from the group. Each list entry is the DN, SID, GUID, UPN or Domain\Name of an object to remove from the group. Separate the list entries by commas. | true | true (ByValue) | |
| Proxy | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| Service | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| ConnectionAccount | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| ConnectionPassword | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| Credential | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| Connection | For parameter description, see help on the Connect-QADService cmdlet. | false | true (ByValue) | |
| UseGlobalCatalog | For parameter description, see help on the Connect-QADService cmdlet. | false | false | |
| WhatIf | Describes what would happen if you executed the command, without actually executing the command. | false | false | |
| Confirm | Prompts you for confirmation before executing the command. | false | false |
Examples
Example 1
$pw = read-host "Enter password" -AsSecureString C:\PS>connect-QADService -service 'localhost' -proxy -ConnectionAccount 'company\administrator' -ConnectionPassword $pw C:\PS>remove-QADGroupMember -identity 'CN=group1,OU=companyOU,DC=company,DC=com' -member 'company\jsmith','S-1-5-21-1279736177-1630491018-182859109-1215' C:\PS>disconnect-QADService
Connect to the local Administration Service with the credentials of a specific user, remove two members (the first one specified by Domain\AccounrName, the second one specified by SID) from the group, and then disconnect.
Example 2
remove-QADGroupMember '<DN of group>' -Service 'server.domain.local:389' -Member '<DN of object>'
Connect to the AD LDS instance on 'server.domain.local:389' with the credentials of the locally logged on user, bind to a specific AD LDS group by DN, and remove the object with a certain DN from the group.
