Remove bulk users from mail-enabled security group
We have an OU built for Withdrawn students; the accounts are disabled but they still show up in groups they belonged to. We need to be able to remove them from mailing lists. We use a mail-enabled security group for All Students. I need to be able to remove all the Withdrawn students from this group. What is the best way to go about this?
Thank you in advance!
stogiefan My bad, should have been member instead of members.. Try this:
foreach ($user in get-aduser -filter * | where-object DistinguishedName -like '*Withdrawn*') {Remove-DistributionGroupMember -Identity 'Students - All' -member $user.SamAccountName -Confirm:$False -WhatIf }
(You don't have to install the module again or connect-exchangeonline again in your session, next session you can connect straight away without installing the module too)
stogiefan Something like this, you have to enter the OU of the Withdrawn users in it, use a -whatif to test after the remove-adgroupmember 😉
foreach ($user in get-aduser -filter * | where-object DistinguishedName -match 'ou of withdrawn students') {get-adgroup -filter * -properties mail | where-object {($_.mail -ne $Null) -and ($_.groupcategory -eq "Security")} | remove-adgroupmember -members $user }
- stogiefan (Brass Contributor): Wow, thanks so much for this. I will get back to you after giving it a try!
- stogiefan (Brass Contributor): Hi again, and thanks again for your response. I could not get this to work. I am painfully inexperienced with PowerShell. But I do want to try and understand this.
I know I need to identify the members of an OU in AD. I assume to do so I need to use the path name rather than just the nested OU's name.
eg - "(DOMAIN)/USERS/STUDENTS/WITHDRAWN" ... or just "Withdrawn"?
Also, where do I identify the group name that they need to be removed from? In this case it is "Students - All".
Also, I assume I run this in PowerShell from my AD server, correct?
I apologize for so many questions, I may be in over my head! Ha!
stogiefan Doesn't matter, you're using PowerShell and that's always ok! I thought you wanted the users to be removed from any mail-enabled security group, but if you only have one group that the users need to be removed from, that's easier. I replaced the OU filter with a wildcard search on any user within the Withdrawn OU. Try the script below, and if it returns some users that would be affected by it, you can then remove the -WhatIf part. I've added the -Force:$True parameter so that it won't ask you if you want to remove the user for every occurrence.
And you can run it from your Domain Controller / AD Server, that's the easiest for you now I guess 😉 (You can install the RSAT tools on your computer too and run a PowerShell command from there if you start it as your Admin account)
- edit - Changed $user to $user.SamAccountName
foreach ($user in get-aduser -filter * | where-object DistinguishedName -like '*Withdrawn*') {Remove-AdGroupMember -Identity 'Students - All' -members $user.SamAccountName -Force:$True -WhatIf }
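An added example, not code from any poster in this thread: it scopes the search to the OU with -SearchBase instead of a wildcard on DistinguishedName (which matches any DN containing "Withdrawn"), and only touches users who are direct members of the group. The function name and OU path are illustrative placeholders, and it assumes the ActiveDirectory module and a group managed in on-premises AD, as in the Remove-AdGroupMember version above.

```powershell
# Added example, not from the thread. Function name and OU path are illustrative.
Import-Module ActiveDirectory -ErrorAction Stop

function Remove-OuUsersFromGroup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $SearchBase,  # DN of the OU to search
        [Parameter(Mandatory)] [string] $GroupName,   # e.g. 'Students - All'
        [string] $ReportPath = '.\group-removal-report.csv'
    )

    $group = Get-ADGroup -Identity $GroupName -ErrorAction Stop

    # Escape characters that are special inside an LDAP filter value.
    $dn = $group.DistinguishedName.Replace('\', '\5c').Replace('*', '\2a')
    $dn = $dn.Replace('(', '\28').Replace(')', '\29')

    # Users anywhere under the OU that are direct members of the group.
    $targets = @(Get-ADUser -SearchBase $SearchBase -SearchScope Subtree `
        -LDAPFilter "(memberOf=$dn)")
    if ($targets.Count -eq 0) { return }

    # Write the report even during -WhatIf so it can be reviewed first.
    $targets | Select-Object SamAccountName, Enabled, DistinguishedName |
        Export-Csv -Path $ReportPath -NoTypeInformation -WhatIf:$false

    foreach ($user in $targets) {
        if ($PSCmdlet.ShouldProcess($user.SamAccountName, "Remove from '$GroupName'")) {
            Remove-ADGroupMember -Identity $group -Members $user -Confirm:$false
        }
    }
    $targets
}

# Dry run: writes the report and prints what would be removed, changes nothing.
Remove-OuUsersFromGroup -GroupName 'Students - All' -WhatIf `
    -SearchBase 'OU=Withdrawn,OU=Students,DC=example,DC=edu'
```

Review the CSV from the dry run, then run the same call without -WhatIf to perform the removals.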