Remove a list of users from a list of groups

Hey everyone, 
I am new to the community and new to Active Roles. 
I have been able to create a couple of scripts for bulk add/remove users and groups, but am having issues with creating a script to launch that will remove a list of users (CSV) from a list of groups (CSV).

I am able to target one group at a time and call on a user list to crawl through it and remove them if they are in it; the drawback is that I have to do a list one group at a time. This is fine if I have only 3 or 4, but the maintenance is getting bigger and I'd have to target a lot of groups and a lot of users. I'd like to be able to scale this to look at a user attribute change and do this automatically via workflow in the future, e.g. user status changes to terminated, therefore remove from all these groups.

# Target group: update to the object DN
$strGroupName = "CN=ROLE_SCJ_ONEDRIVE_UPLOAD-LIMIT-75,OU=Groups,OU=GlobalApps,DC=global,DC=scj,DC=loc"

Import-Module ActiveRolesManagementShell
Connect-QADService -Service usracipn146 -Proxy
$list = Get-Content H:\ScriptLibrary\RemoveUsers.csv
foreach ($user in $list) {
    Remove-QADGroupMember -Identity $strGroupName -Member $user
}

What I need to do is remove the list of users from a list of groups. 

I thought it would be as simple as this: 

$list2 = Get-Content H:\ScriptLibrary\GroupsTest.csv
$list = Get-Content H:\ScriptLibrary\RemoveUsersTest.csv
foreach ($qadgroup in $list2) {
    foreach ($user in $list) {
        Remove-QADGroupMember -Identity $qadgroup -Member $user
    }
}

What occurs with the above is that it outputs the user information, takes no action on the group, and loops. I've tried changing the $qadgroup to $qadobject and so on, and tried to update the list to contain the group DN.
I am able to bulk delete groups (ROLES) from a list without changing the group name to a DN, so I don't quite understand why, in this list of groups, I don't have to change anything in the group name for it to be identified and just delete it from the directory.

$files = Get-Content -Path H:\ScriptLibrary\deletegroup.csv
ForEach ($file in $files) {Remove-QADObject global\$file -Force}


What I have in the list are samaccountname for the $users and group name for the groups.

  • Thanks. 
    Suppressing the output will come in handy, but it won't do anything to remove the users from the group or groups I have listed in that CSV.

  • No it won't BUT my intent was more to see if the Remove-QADGroupMember itself is throwing an error.  I gather you are not seeing any "OS reported Error" outputs?

    Perhaps try:

    1) Adding Import-Module ActiveDirectory at the top of your script
    2) Swapping in Remove-ADGroupMember instead of using the Quest cmdlet?  You can still use -Identity and -ErrorAction but -Member becomes -Members

  • So....
    I got it to work :) 

    Import-Module ActiveRolesManagementShell
    Connect-QADService -Service thenameoftheserver -Proxy

    $list = Get-Content H:\ScriptLibrary\RemoveUsersTest.csv
    $List2 = Get-Content H:\ScriptLibrary\GroupsTest.csv
    foreach ($QADGroup in $List2) {
        foreach ($user in $list) {
            Remove-QADGroupMember -Identity $QADGroup -Member $user
        }
    }

    I tested this against a couple of groups I created and dropped the same 3 users in each group. 

    It removed the 3 users in all of the groups in the groups list.

    I'm not sure why before it kept looping the output and taking no action on the group itself, but somehow, going back and rewriting this from the beginning it was successful. 

    That said....how do you put the read from data into one file and have PS perform that action? Let's say groups in Column A, Users in Column B?

  • Try this

    <#
    Assumed input file format:

    User,Groups
    Bjones,Group1;Group2;Group3
    JSmith,Group4;Group5;Group6
    SWilliams,Group1;Group2;Group3
    #>

    Import-Module ActiveRolesManagementShell
    Connect-QADService -Service thenameoftheserver -Proxy

    $UserInfo = Import-Csv "Group_Cleanup.csv"

    foreach ($UserInfoItem in $UserInfo) {
        # Split the semicolon-separated Groups column into individual group names
        $GroupsList = $($UserInfoItem | Select-Object -ExpandProperty Groups).Split(";")
        $CurrentUser = [string]$UserInfoItem.User

        foreach ($GroupsListItem in $GroupsList) {
            $Result = Remove-QADGroupMember -Identity $GroupsListItem -Member $CurrentUser
        } # End of groups processing loop
    } # End of UserInfo loop
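
For the offboarding use mentioned in the original question, a variant of the two-list script that resolves every name to exactly one object, defaults to a dry run, and writes an audit record of each decision. This is an added example, not code from any poster in the thread; the `-Apply` switch, the audit file path and the helper function names are assumptions, and `thenameoftheserver` is the thread's placeholder.

```powershell
# Added example, not from the thread. Server name and audit path are placeholders.
param(
    [string]$UserFile  = 'H:\ScriptLibrary\RemoveUsersTest.csv',  # one sAMAccountName per line
    [string]$GroupFile = 'H:\ScriptLibrary\GroupsTest.csv',       # one group name per line
    [string]$AuditFile = '.\GroupRemovalAudit.csv',               # assumed output location
    [switch]$Apply                                                # omit for a dry run
)

Import-Module ActiveRolesManagementShell
Connect-QADService -Service thenameoftheserver -Proxy | Out-Null

# Read a one-column list, trimming whitespace and dropping blank lines.
function Read-List([string]$Path) {
    Get-Content -Path $Path | ForEach-Object { $_.Trim() } | Where-Object { $_ }
}

# Build one audit row per decision (hypothetical helper).
function New-AuditRow($Group, $User, $Result) {
    [pscustomobject]@{ Time = (Get-Date -Format s); Group = $Group; User = $User; Result = $Result }
}

$users = @(Read-List $UserFile)
$audit = foreach ($groupName in Read-List $GroupFile) {
    # Require exactly one match so an ambiguous name never changes the wrong group.
    $group = @(Get-QADGroup -Identity $groupName -ErrorAction SilentlyContinue)
    if ($group.Count -ne 1) {
        New-AuditRow $groupName '' "Skipped: matched $($group.Count) groups"
        continue
    }
    # Direct members, keyed by DN. -SizeLimit 0 lifts the default result cap.
    $memberDns = @(Get-QADGroupMember -Identity $group[0].DN -SizeLimit 0 | ForEach-Object { $_.DN })
    foreach ($sam in $users) {
        $user = @(Get-QADUser -SamAccountName $sam -ErrorAction SilentlyContinue)
        if ($user.Count -ne 1) {
            New-AuditRow $group[0].DN $sam "Skipped: matched $($user.Count) users"
        } elseif ($memberDns -notcontains $user[0].DN) {
            New-AuditRow $group[0].DN $sam 'Not a member'
        } elseif (-not $Apply) {
            New-AuditRow $group[0].DN $sam 'Would remove (dry run)'
        } else {
            try {
                Remove-QADGroupMember -Identity $group[0].DN -Member $user[0].DN -ErrorAction Stop | Out-Null
                New-AuditRow $group[0].DN $sam 'Removed'
            } catch {
                New-AuditRow $group[0].DN $sam "Failed: $($_.Exception.Message)"
            }
        }
    }
}
$audit | Export-Csv -Path $AuditFile -NoTypeInformation
```

Run it once without `-Apply` and review the audit CSV before making changes; the "Skipped" rows show names that did not resolve to a single directory object.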