Hey everyone,
I am new to the community and new to Active Roles.
I have been able to create a couple of scripts for bulk add/remove users and groups, but am having issues with creating a script to launch that will remove a list of users (CSV) from a list of groups (CSV).
I am able to target one group at a time and call on a user list to crawl through it and remove them if they are in it. The drawback is that I have to do a list one group at a time. This is fine if I have only 3 or 4, but the maintenance is getting bigger and I'd have to target a lot of groups and a lot of users. I'd like to be able to scale this to look at a user attribute change and do this automatically via workflow in the future, e.g. user status changes to terminated, therefore remove from all these groups.
# Target group Update to the Object DN:
$strGroupName = "CN=ROLE_SCJ_ONEDRIVE_UPLOAD-LIMIT-75,OU=Groups,OU=GlobalApps,DC=global,DC=scj,DC=loc"
#
Import-Module ActiveRolesManagementShell
Connect-QADService -Service usracipn146 -Proxy
$list = Get-Content H:\ScriptLibrary\RemoveUsers.csv
foreach ($user in $list) {
    Remove-QADGroupMember -Identity $strGroupName -Member $user
}
What I need to do is remove the list of users from a list of groups.
I thought it would be as simple as this:
$list2 = Get-Content H:\ScriptLibrary\GroupsTest.csv
$list = Get-Content H:\ScriptLibrary\RemoveUsersTest.csv
foreach ($qadgroup in $list2) {
    foreach ($user in $list) {
        Remove-QADGroupMember -Identity $qadgroup -Member $user
    }
}
What occurs with the above is that it outputs the user information, takes no action on the group, and loops. I've tried changing the $qadgroup to $qadobject and so on, and tried to update the list to contain the group DN.
I am able to bulk delete groups (ROLES) from a list without changing the group name to a DN, so I don't quite understand why in this list of groups, I don't have to change anything in the group name for it to be identified and just delete it from the directory.
$files = Get-Content -Path H:\ScriptLibrary\deletegroup.csv
foreach ($file in $files) {
    Remove-QADObject global\$file -Force
}
What I have in the list are samaccountname for the $users and group name for the groups.
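
One way to structure the nested removal so that every user/group pair leaves an audit record, shown as an added example that is not the poster's script or vendor code. It assumes both files hold one name per line with no header row, that names resolve in the Domain\Name form used by the `global\$file` line above, and that `Read-NameList`, `$Domain` and `$DryRun` are hypothetical names introduced here.

```powershell
# Added example: dry run by default, nothing is removed until $DryRun = $false.
Import-Module ActiveRolesManagementShell
Connect-QADService -Service usracipn146 -Proxy | Out-Null

$Domain = 'global'   # assumption: same prefix as "global\$file" in the post
$DryRun = $true

# Hypothetical helper: one name per line, whitespace trimmed, blank lines dropped.
function Read-NameList([string]$Path) {
    Get-Content -Path $Path | ForEach-Object { $_.Trim() } | Where-Object { $_ }
}
$groupNames = Read-NameList 'H:\ScriptLibrary\GroupsTest.csv'
$userNames  = Read-NameList 'H:\ScriptLibrary\RemoveUsersTest.csv'

# Resolve each sAMAccountName once so an unresolved name is reported, not skipped.
$users = @{}
foreach ($sam in $userNames) {
    $u = $null
    try { $u = Get-QADUser -Identity "$Domain\$sam" -ErrorAction Stop } catch { }
    if ($u) { $users[$sam] = $u } else { Write-Warning "User not resolved: $Domain\$sam" }
}

$report = foreach ($name in $groupNames) {
    $group = $null
    try { $group = Get-QADGroup -Identity "$Domain\$name" -ErrorAction Stop } catch { }
    if (-not $group) {
        [pscustomobject]@{ Group = $name; User = ''; Result = 'GroupNotResolved' }
        continue
    }
    # Direct members only; -SizeLimit 0 lifts the default result cap.
    $memberDns = @(Get-QADGroupMember -Identity $group.DN -SizeLimit 0 |
                   ForEach-Object { $_.DN })
    foreach ($sam in $users.Keys) {
        $result = 'NotAMember'
        if ($memberDns -contains $users[$sam].DN) {
            # Resolved DNs on both sides, so the cmdlet never has to guess.
            Remove-QADGroupMember -Identity $group.DN -Member $users[$sam].DN -WhatIf:$DryRun
            $result = if ($DryRun) { 'WouldRemove' } else { 'Removed' }
        }
        [pscustomobject]@{ Group = $name; User = $sam; Result = $result }
    }
}
$report | Format-Table -AutoSize
```

Review the `WouldRemove` rows before setting `$DryRun = $false`; piping `$report` to `Export-Csv` keeps a record of what was changed for each terminated account.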