Forum Discussion
Remove bulk users from mail-enabled security group
- Feb 23, 2022
stogiefan My bad, should have been member instead of members.. Try this:
foreach ($user in get-aduser -filter * | where-object DistinguishedName -like '*Withdrawn*') {Remove-DistributionGroupMember -Identity 'Students - All' -member $user.SamAccountName -Confirm:$False -WhatIf }
(You don't have to install the module again or connect-exchangeonline again in your session, next session you can connect straight away without installing the module too)
I know I need to identify the members of an OU in AD. I assume to do so I need to use the path name rather than just the nested OU's name.
eg - "(DOMAIN)/USERS/STUDENTS/WITHDRAWN" ... or just "Withdrawn"?
Also, where do I identify the group name that they need to be removed from? In this case it is "Students - All".
Also, I assume I run this in powershell from my AD server correct?
I apologize for so many questions, I may be in over my head! Ha!
stogiefan Doesn't matter, you're using PowerShell and that's always ok! I thought you wanted the users to be removed from any mail-enabled security group, but if you only have one group that the users need to be removed from.. That's easier and I replaced the OU filter for a wildcard search on any user within the Withdrawn OU, try the script below and if it returns some users that would be affected by it.. You can then remove the -WhatIf part, I've added the -Force:$True parameter so that it won't ask you if you want to remove the user for every occurence.
And you can run it from your Domain Controller / AD Server, that's the easiest for you now I guess 😉 (You can install the RSAT tools on your computer too and run a PowerShell command from there if you start it as your Admin account)
- edit - Changed $user to $user.SamAccountName
foreach ($user in get-aduser -filter * | where-object DistinguishedName -like '*Withdrawn*') {Remove-AdGroupMember -Identity 'Students - All' -members $user.SamAccountName -Force:$True -WhatIf }
- stogiefanFeb 23, 2022Brass ContributorI cannot thank you enough for working with me on this. I understand this a bit better now. When I first ran it, it said it did not recognize the "force" parameter. I removed that and the "whatif" and it said it could not find the Students - All object. this may be due to the hybrid nature of our environment. That OU exists in our local AD but the security group may be cloud-only. I am not sure how this works as I am not the network admin, I am the computer technician. But my coworker won't do this stuff so I am forced to try and learn it.
Thank you again for taking your time to help me!- Feb 23, 2022Ok, that might be the case... You could try to change remove-adgroupmember to Remove-DistributionGroupMember, the parameters are the same.. If you do a seach in Active Directory Users and Computers, does it show go anything while searching for Students? It could also be a dynamic group, that users are put in it automatically. In that case, the query behind it should be modified perhaps to include enabled users?
- stogiefanFeb 23, 2022Brass ContributorThat didn't work out either. Let me give you more info and it may help.
Ad is on our DC and Exchange is on it's own server. Then we have the cloud environment (Azure and 365). I am not sure how that all works together. The users accounts are in the OU I mentioned above and they are disabled (since they are withdrawn students). For whatever reason the school wants to keep the accts but remove them from distros. We use several diff groups for those distros. In this case, "Students - All" is a mail-enabled security group.
I was hoping I could somehow identify the OU members (withdrawn students) to remove them in bulk from distros (specifically the one above).
Does this help?
I am so appreciative of you taking your time here. I completely understand if this becomes annoying, lol.