# Search base(s) scanned for disabled accounts, given as distinguished names.
$OUs = 'OU=Temp,DC=example,DC=com'

# Group that becomes the primary group of every processed account
# (the name is Russian for "Temporary users").
$primaryGroup = 'Временные пользователи'

# Collect the disabled user objects found under each search base.
$users = foreach ($searchBase in $OUs) {
    Get-ADUser -Filter {Enabled -eq $FALSE} -SearchBase $searchBase
}
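# Makes $groupName the primary group of the account $userName.
#   $userName  - identity handed to Add-ADGroupMember and Set-ADUser
#                (the caller in this script passes a SamAccountName).
#   $groupName - identity handed to Add-ADGroupMember and Get-ADGroup.
function Set-primary-group ($userName, $groupName) {
    # Add the user to the new group, just in case
    try {
        Add-ADGroupMember -Identity $groupName -Members $userName
    }
    catch {
        # Still best effort, but report why the add failed instead of discarding
        # the error: a permissions or lookup problem here explains a later
        # failure of Set-ADUser below and should be visible to the operator.
        Write-Warning "Add-ADGroupMember failed for '$userName' in '$groupName': $($_.Exception.Message)"
    }

    # The group's primaryGroupToken is the value written to the user's primaryGroupID.
    $groupToken = (Get-ADGroup -Identity $groupName -Properties primaryGroupToken).primaryGroupToken
    Set-ADUser -Identity $userName -Replace @{primaryGroupID=$groupToken}
}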
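# For every disabled account collected in $users: make $primaryGroup its primary
# group, then remove the account from every other group it belonged to.
# NOTE(review): the removals are bulk, unprompted (-Confirm:$FALSE) and only
# reported on the console. Consider a first pass with -WhatIf on
# Remove-ADGroupMember, and saving the membership list if rollback or an audit
# trail is needed.
foreach ($user in $users) {
    # if ($user.SamAccountName -like "*_*adm*") { Continue }

    # Memberships are read before the primary group is changed.
    $groups = Get-ADPrincipalGroupMembership -Identity $user #| ? {$_.GroupCategory -eq "Security"}
    # if (($groups |measure ).count -eq "1") { Continue }

    Set-primary-group $user.SamAccountName $primaryGroup

    foreach ($group in $groups) {
        # Keep the membership in the group that was just made primary.
        if ($group.Name -like $primaryGroup) { continue }

        # A property inside a double-quoted string needs $(); a bare
        # "$group.Name" expands $group and then appends the literal text ".Name".
        Write-Host "Removing $user from $($group.Name)" -ForegroundColor Red

        # The part of CanonicalName before the first '/' is the group's domain;
        # it is passed as -Server so the removal is sent to that domain.
        $groupDomain = (Get-ADGroup $group -Properties CanonicalName).CanonicalName.Split('/')[0]
        Remove-ADGroupMember -Identity $group.distinguishedName -Members $user -Confirm:$FALSE -Server $groupDomain
        #Set-ADObject -Identity $group.DistinguishedName -Remove @{member="$($user.DistinguishedName)"} -Server $(Get-ADGroup $group -Properties CanonicalName).CanonicalName.Split('/')[0]
    }
}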