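# Moves every disabled account under the listed OUs into one holding group:
# that group becomes the account's primary group and every other group
# membership is removed.
#
# This is a bulk, destructive change to group memberships. Add-ADGroupMember,
# Set-ADUser and Remove-ADGroupMember all accept -WhatIf; review the account
# list and keep a record of current memberships before a production run.

$OUs = 'OU=Temp,DC=example,DC=com'
$primaryGroup = 'Временные пользователи'   # "Temporary users"

# Resolve the holding group once, before anything is modified. If the name is
# wrong, the loop below would otherwise strip memberships without ever moving
# the primary group.
try {
    $targetGroup = Get-ADGroup -Identity $primaryGroup -ErrorAction Stop
} catch {
    throw "Holding group '$primaryGroup' could not be resolved; no accounts were changed. $_"
}

# Disabled accounts only, collected from each search base in $OUs.
$users = $OUs | ForEach-Object {
    Get-ADUser -Filter 'Enabled -eq $false' -SearchBase $PSItem
}

# Makes $groupName the primary group of $userName.
#   $userName  - identity of the account (the caller passes SamAccountName)
#   $groupName - identity of the group that becomes the primary group
# Throws if the group cannot be read or primaryGroupID cannot be written, so
# the caller can skip the account instead of continuing with a half-applied
# change.
function Set-primary-group ($userName, $groupName) {
    # Add the user to the new group, just in case. Best effort: a failure
    # here is reported only on the verbose stream. If the membership is
    # genuinely missing, the Set-ADUser call below fails and is surfaced.
    try {
        Add-ADGroupMember -Identity $groupName -Members $userName -ErrorAction Stop
    } catch {
        Write-Verbose "Add-ADGroupMember for '$userName' into '$groupName' reported: $($_.Exception.Message)"
    }

    $groupToken = (Get-ADGroup $groupName -Properties primaryGroupToken -ErrorAction Stop).primaryGroupToken
    Set-ADUser -Identity $userName -Replace @{primaryGroupID=$groupToken} -ErrorAction Stop
}

foreach ($user in $users) {
    # Disabled in the original: skip accounts whose name matches the admin pattern.
    # if ($user.SamAccountName -like "*_*adm*") { Continue }

    # Disabled in the original: restrict to security groups.
    $Groups = Get-ADPrincipalGroupMembership -Identity $user #| Where-Object {$_.GroupCategory -eq "Security"}

    # Disabled in the original: skip accounts that are in exactly one group.
    # if (($Groups | Measure-Object).Count -eq "1") { Continue }

    # Only strip memberships once the primary group has actually been moved.
    try {
        Set-primary-group $user.SamAccountName $primaryGroup
    } catch {
        Write-Warning "Skipping $($user.SamAccountName): primary group was not changed. $($_.Exception.Message)"
        Continue
    }

    foreach ($group in $Groups) {
        # Compare by SID rather than a wildcard match on the display name, so
        # a similarly named group is never mistaken for the holding group.
        if ($group.SID.Value -eq $targetGroup.SID.Value) { Continue }

        # The first CanonicalName component is the DNS name of the group's
        # domain; it is passed as -Server so the change goes to that domain.
        $groupDomain = (Get-ADGroup $group -Properties CanonicalName).CanonicalName.Split('/')[0]

        # $($group.Name) is required: "$group.Name" expands $group and then
        # appends the literal text ".Name".
        Write-Host "Removing $user from $($group.Name)" -ForegroundColor Red
        Remove-ADGroupMember -Identity $group.distinguishedName -Members $user -Confirm:$FALSE -Server $groupDomain

        # Alternative kept from the original (disabled):
        #Set-ADObject -Identity $group.DistinguishedName -Remove @{member="$($user.DistinguishedName)"} -Server $groupDomain
    }
}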