Updated March 6, 2023
Introduction to PowerShell remove user from group
Removing a user from a local group or an Active Directory group when the user leaves the organization or no longer needs to be part of the group is a common requirement. Removing users manually can be tiring, and in the case of bulk removal it is very tough and requires immense concentration. To overcome this, PowerShell provides cmdlets that remove users from a local group as well as from an AD group. This article covers those cmdlets in detail, along with appropriate examples.
Remove-LocalGroupMember:
This cmdlet is used to remove members from the mentioned local group.
Syntax:
Input:
Get-Help -Name Remove-LocalGroupMember
NAME
Remove-LocalGroupMember
Syntax:
Remove-LocalGroupMember [-Group] <LocalGroup> [-Member] <LocalPrincipal[]> [-WhatIf] [-Confirm][<CommonParameters>]
Remove-LocalGroupMember [-Name] <string> [-Member] <LocalPrincipal[]> [-WhatIf] [-Confirm] [<CommonParameters>]
Remove-LocalGroupMember [-SID] <SecurityIdentifier> [-Member] <LocalPrincipal[]> [-WhatIf] [-Confirm][<CommonParameters>]
ALIASES
rlgm
Parameters:
-Confirm:
This prompts the user for confirmation before the cmdlet executes. The data type of the parameter is switch. Its alias is cf. False is the default value. It doesn't accept pipeline input, and wildcard characters are not permitted.
-Group:
This denotes the group from which the users or groups need to be removed. The data type of this parameter is Microsoft.PowerShell.Commands.LocalGroup. This is a mandatory parameter. The default value is none. It doesn't accept pipeline input, and wildcard characters are not permitted.
-Member:
This parameter contains the members that should be removed from the desired group. It can be a list of users, a group name, or a set of SIDs. This is a mandatory parameter. The data type of this parameter is Microsoft.PowerShell.Commands.LocalPrincipal[]. Its positional value is 1. The default value is none. It accepts pipeline input, but wildcard characters are not permitted.
-Name:
This specifies the name of the group from which the members need to be removed. The data type of this parameter is string. None is the default value. Pipeline input is not accepted, and wildcard characters are not permitted.
-SID:
This specifies the security ID (SID) of the group from which the members need to be removed. The data type of this parameter is SecurityIdentifier. The position of this parameter in this cmdlet is 0. The default value is none. It doesn't accept pipeline input, and wildcard characters are not permitted.
-Whatif:
This lets the user see the result that would happen if this cmdlet were run. The data type of this parameter is switch. The alias is wi. False is its default value. It doesn't accept pipeline input, and wildcard characters are not permitted.
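The -WhatIf and -Confirm switches described above are most useful when the removal is wrapped in a function that forwards them. The following is an added example, not code from the original article: it reconciles a local group against an allow-list and reports every member it removes or would remove. The function name, the allow-list entries and the CONTOSO domain are assumptions made for illustration.

```powershell
# Added example: remove every member of a local group that is not on an allow-list.
# Remove-UnapprovedLocalGroupMember is a hypothetical helper, not a built-in cmdlet.
function Remove-UnapprovedLocalGroupMember {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string] $Group = 'Administrators',
        # Names exactly as Get-LocalGroupMember prints them, e.g. 'PC01\Administrator'
        [Parameter(Mandatory)] [string[]] $Approved
    )

    foreach ($m in Get-LocalGroupMember -Group $Group -ErrorAction Stop) {
        # -contains compares strings case-insensitively
        if ($Approved -contains $m.Name) { continue }

        $outcome = 'NotRemoved'   # stays this way under -WhatIf or a declined prompt
        if ($PSCmdlet.ShouldProcess("$Group on $env:COMPUTERNAME", "Remove $($m.Name)")) {
            try {
                # Pass the LocalPrincipal object itself so the exact account is targeted
                Remove-LocalGroupMember -Group $Group -Member $m -Confirm:$false -ErrorAction Stop
                $outcome = 'Removed'
            } catch {
                $outcome = "Failed: $($_.Exception.Message)"
            }
        }

        # One record per unapproved member, suitable for Export-Csv or a ticket
        [pscustomobject]@{
            Group   = $Group
            Member  = $m.Name
            SID     = $m.SID.Value
            Source  = $m.PrincipalSource
            Outcome = $outcome
        }
    }
}

# Constructed allow-list; replace with the accounts your baseline permits.
$approved = "$env:COMPUTERNAME\Administrator", 'CONTOSO\Domain Admins'

# Dry run first: nothing is changed, and the output lists what would be removed.
Remove-UnapprovedLocalGroupMember -Approved $approved -WhatIf
```

Run it from an elevated session; dropping -WhatIf performs the removal, and adding -Confirm prompts for each member.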
Remove-ADGroupMember:
This cmdlet is used to remove members from an Active Directory group.
Syntax:
Remove-ADGroupMember [-WhatIf] [-Confirm] [-AuthType <ADAuthType>] [-Credential <PSCredential>] [-Identity] <ADGroup> [-Members] <ADPrincipal[]> [-Partition <String>] [-PassThru] [-Server <String>] [-DisablePermissiveModify] [<CommonParameters>]
Parameters:
-Authtype:
This refers to the authentication method to be used to remove items from the AD group. It can be either negotiate (0) or basic (1). By default, negotiate is used. The basic method requires an established SSL connection. The data type of this parameter is ADAuthType. The default value is none. Pipeline input isn't accepted, and wildcard characters are not permitted.
-Confirm:
Whenever user confirmation is needed before running the cmdlet, this parameter is used. The alias is cf. The data type of this parameter is cf. False is the default value. Pipeline input is not accepted, and wildcard characters are not permitted.
-Credential:
This indicates the credential under which the cmdlet will be run. By default, the current user's profile is considered. If the cmdlet is being run from a drive, the drive's account is used. The data type of this parameter is PSCredential. None is the default value. It doesn't accept pipeline input, and wildcard characters are not permitted.
-DisablePermissiveModify:
This prevents the system from throwing an error when trying to add an existing user to a group. The data type of this parameter is switch. The default value is false. It doesn't accept pipeline input, and wildcard characters are not permitted.
-Members:
This can be a set of users, groups or objects that need to be removed from the AD group. It can take the following as values: DN, security identifier, SAM account name and GUID. The data type of this parameter is ADPrincipal[]. None is the default value. It doesn't accept pipeline input, and wildcard characters are not permitted.
-Partition:
This represents the AD partition's distinguished name. In AD, a default value is set under one of the following cases. If the Identity parameter is assigned a DN, the partition name is generated directly from the DN. If the cmdlet is run from an AD drive, the value of the partition is derived from the current path of the drive. If neither of the above two cases matches, the target domain's value is used as the value of the partition. The data type is string. None is the default value. It doesn't accept pipeline input, and wildcard characters are not permitted.
-Passthru:
By default, this cmdlet doesn't generate any output. With this parameter, it returns the object of the item we are trying to remove. The data type is switch. None is the default value. It doesn't accept pipeline input, and wildcard characters are not permitted.
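For the case from the introduction, a user leaving the organization, the following added example (not code from the original article) removes one account from every AD group it belongs to and emits a record that can be used to restore membership. The function name, the account jdoe and the CSV path are assumptions made for illustration; the ActiveDirectory module must be installed.

```powershell
# Added example: strip a departing user from all AD groups and keep a rollback record.
# Remove-UserFromAllADGroups is a hypothetical helper, not part of the ActiveDirectory module.
function Remove-UserFromAllADGroups {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $SamAccountName
    )

    Import-Module ActiveDirectory -ErrorAction Stop
    $user = Get-ADUser -Identity $SamAccountName -Properties PrimaryGroup -ErrorAction Stop

    # The primary group (usually Domain Users) cannot be removed with
    # Remove-ADGroupMember, so it is left out instead of producing an error.
    $groups = Get-ADPrincipalGroupMembership -Identity $user |
        Where-Object { $_.DistinguishedName -ne $user.PrimaryGroup }

    foreach ($g in $groups) {
        $status = 'NotRemoved'   # stays this way under -WhatIf or a declined prompt
        if ($PSCmdlet.ShouldProcess($g.DistinguishedName, "Remove $SamAccountName")) {
            try {
                # The outer ShouldProcess already asked, so suppress the inner prompt
                Remove-ADGroupMember -Identity $g -Members $user -Confirm:$false -ErrorAction Stop
                $status = 'Removed'
            } catch {
                $status = "Failed: $($_.Exception.Message)"
            }
        }

        # Emit one audit record per group; the caller decides where to store it
        [pscustomobject]@{
            Time   = (Get-Date).ToString('s')
            User   = $user.DistinguishedName
            Group  = $g.DistinguishedName
            Status = $status
        }
    }
}

# 'jdoe' and the path are placeholders. Preview first, then run for real and save the record.
Remove-UserFromAllADGroups -SamAccountName 'jdoe' -WhatIf
Remove-UserFromAllADGroups -SamAccountName 'jdoe' -Confirm:$false |
    Export-Csv -Path 'C:\test\jdoe-removed-groups.csv' -NoTypeInformation
```

The exported CSV lists each group's distinguished name, which is what Add-ADGroupMember needs if the removal has to be reversed.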
Example
Input:
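Write-Host "Example of removing users from an AD group" -ForegroundColor Green
# Requires the ActiveDirectory module; test.csv has the columns Identity (group) and Member
Import-Module ActiveDirectory
Import-Csv "C:\test\test.csv" | ForEach-Object {
    $iden = $_.Identity
    $mem = $_.Member
    try {
        # -Confirm:$false skips the per-row prompt; -ErrorAction Stop routes failures to catch
        Remove-ADGroupMember -Identity $iden -Members $mem -Confirm:$false -ErrorAction Stop
        Write-Host "Member got successfully removed from the AD group" -ForegroundColor Green
    } catch {
        Write-Host "Could not remove $mem from ${iden}: $_" -ForegroundColor Red
    }
}
Write-Host "Removing users from a local admin group" -ForegroundColor Green
# test1.csv has the columns GroupName and MemName
Import-Csv "C:\test\test1.csv" | ForEach-Object {
    $grp = $_.GroupName
    $mem1 = $_.MemName
    try {
        Remove-LocalGroupMember -Group $grp -Member $mem1 -ErrorAction Stop
        Write-Host "Member got successfully removed from the local admin group" -ForegroundColor Green
    } catch {
        Write-Host "Could not remove $mem1 from ${grp}: $_" -ForegroundColor Red
    }
}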
Output:
Conclusion – PowerShell remove User from group
Thus, the article explained in detail the two methods by which users can be removed from a local admin group and from an AD group, along with appropriate examples. It also covered the various parameters and the bulk removal of users from a group. To learn more, it is advisable to write sample scripts and practice them.