Remove multiple memberships from an AD group?

I got a request from a customer that "persons on this list should be removed from this AD group". First I thought that it's a simple task, but then I realized that I don't have a clue how I can delete memberships using the DataImport tool. And I'm not sure what will happen if I just delete those lines from the ADSAccountInADSGroup table: will it launch the remove process or not?

So what is the best way to remove a number of memberships, based on some list, from an AD group, using OneIdentity v. 8.1.2?

  • First of all, you can, of course, delete the entries in the ADSAccountInADSGroup table using the ObjectLayer (not SQL!) and the provisioning processes will be triggered, as long as the direct membership was the only reason for this membership. You can verify this using the XOrigin property on the memberships.

    So for example, you could use the Object Browser for doing this.

    Another option would be to use PowerShell to fetch the CSV using the Import-CSV cmdlet and remove the entries in ADSAccountInADSGroup using REST calls against the REST API of OneIM, or to use the IdentityManager.PoSh module available on GitHub (https://github.com/OneIdentity/IdentityManager.PoSh).
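
The XOrigin check mentioned in the answer above, as an added dry-run example that is not part of the original reply and is not One Identity code: it classifies each account on the removal list before anything is deleted. The CSV column names, the sample rows and the function name `Get-RemovalPlan` are constructed, and it assumes that bit 0 (value 1) of XOrigin marks a direct assignment, which should be confirmed for your version.

```powershell
# Added example: dry-run planner only; it deletes nothing.
# Assumption: XOrigin bit 0 (value 1) = direct assignment; any other set bit
# means the membership also has another origin (for example inheritance).
$DirectBit = 1

function Get-RemovalPlan {
    param(
        [Parameter(Mandatory)] [object[]] $RemovalList,  # rows with an Account column
        [Parameter(Mandatory)] [object[]] $Memberships   # rows with Account and XOrigin
    )
    # Index the group's current memberships by account name (keys are case-insensitive).
    $byAccount = @{}
    foreach ($m in $Memberships) { $byAccount[$m.Account.Trim()] = [int]$m.XOrigin }

    foreach ($row in $RemovalList) {
        $name = $row.Account.Trim()
        if (-not $byAccount.ContainsKey($name)) {
            $action = 'Skip: not a member'
        } else {
            $origin = $byAccount[$name]
            $direct = ($origin -band $DirectBit) -ne 0
            $other  = ($origin -band (-bnot $DirectBit)) -ne 0
            if ($direct -and -not $other) {
                $action = 'Delete: direct only, membership ends'
            } elseif ($direct) {
                $action = 'Delete: direct part only, membership persists via other origin'
            } else {
                $action = 'Review: no direct assignment to delete'
            }
        }
        [pscustomobject]@{ Account = $name; XOrigin = $byAccount[$name]; Action = $action }
    }
}

# Constructed sample data; in practice load both with Import-Csv.
$removalList = @'
Account
jdoe
asmith
bwayne
ckent
'@ | ConvertFrom-Csv

$memberships = @'
Account,XOrigin
jdoe,1
asmith,3
bwayne,2
'@ | ConvertFrom-Csv

Get-RemovalPlan -RemovalList $removalList -Memberships $memberships | Format-Table -AutoSize
```

Only the rows marked "Delete" are candidates for removal through the object layer; the "persists" and "Review" rows need their other assignment source handled, or the account stays in the AD group.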
