From 24529586dfa42759871ed8c9476872a9e9e1f07f Mon Sep 17 00:00:00 2001
From: EeeeKa
Date: Thu, 24 Sep 2020 10:26:52 +0000
Subject: [PATCH] =?UTF-8?q?=D0=94=D0=BE=D0=B1=D0=B0=D0=B2=D0=B8=D1=82?= =?UTF-8?q?=D1=8C=20'clean-adgroups.ps1'?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
clean-adgroups.ps1 | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100644 clean-adgroups.ps1
diff --git a/clean-adgroups.ps1 b/clean-adgroups.ps1
new file mode 100644
index 0000000..d9ee6ad
--- /dev/null
+++ b/clean-adgroups.ps1
@@ -0,0 +1,31 @@
+$OUs = 'OU=Temp,DC=example,DC=com'
+$primaryGroup = 'Временные пользователи'
+
+$users = $OUs | % {Get-ADUser -Filter {Enabled -eq $FALSE} -SearchBase $PSItem}
+
+function Set-primary-group ($userName, $groupName) {
+ # Add the user to the new group, just in case
+ try {
+ Add-ADGroupMember -Identity $groupName -Members $userName
+ }
+ catch {}
+
+ $groupToken = (Get-ADGroup $groupName -Properties primaryGroupToken).primaryGroupToken
+ Set-ADUser -Identity $userName -Replace @{primaryGroupID=$groupToken}
+}
+
+foreach ($user in $users) {
+# if ($user.SamAccountName -like "*_*adm*") { Continue }
+
+ $Groups = Get-ADPrincipalGroupMembership -Identity $user #| ? {$_.GroupCategory -eq "Security"}
+# if (($Groups |measure ).count -eq "1") { Continue }
+
+ Set-primary-group $user.SamAccountName $primaryGroup
+
+ foreach ($group in $groups) {
+ if ($group.Name -like $primaryGroup) { Continue }
+ Write-Host "Removing $user from $group.Name" -ForegroundColor Red
+ Remove-ADGroupMember -Identity $group.distinguishedName -Member $user -Confirm:$FALSE -Server $(Get-ADGroup $group -Properties CanonicalName).CanonicalName.Split('/')[0]
+ #Set-ADObject -Identity $group.DistinguishedName -Remove @{member="$($user.DistinguishedName)"} -Server $(Get-ADGroup $group -Properties CanonicalName).CanonicalName.Split('/')[0]
+ }
+}
\ No newline at end of file
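Review bot: Nothing in the `foreach ($user in $users)` loop checks that `Set-primary-group` succeeded before `Remove-ADGroupMember -Confirm:$FALSE` strips the user's other memberships: the empty `catch {}` hides any `Add-ADGroupMember` failure, and an error from `Get-ADGroup` or `Set-ADUser` would presumably be printed and the loop would carry on under the default error preference. I would add `-ErrorAction Stop` to those two calls in the function and replace the call in the loop with `try { Set-primary-group $user.SamAccountName $primaryGroup } catch { Write-Warning "Skipping $($user.SamAccountName): $_"; Continue }`. The only record of what was removed is the `Write-Host` line, where `"$group.Name"` expands `$group` and then appends the literal text `.Name`; it needs `$($group.Name)`, and writing each removed membership to a file before the removal would make the cleanup auditable and reversible. The primary-group check uses `-like`, which treats `$primaryGroup` as a wildcard pattern; `-eq` states the intent exactly.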