Home > Mobile >  How to disabled Group in AD
How to disabled Group in AD

Time:09-17

I have simple requirement to disable/deactivate group in AD. There are plenty of options for AD users & Computers but did not see anything related to groups.

Basically, We want to remove all member from the group and set group to InActive or disabled. I can think of below approach but not sure if it is right way to do it.

Remove-ADGroup is not option in our case due to some security and audit concerns.

  1. Remove all members from the group and move group to non-operational OU
  2. Remove all members for the group and set enable flag to "false"

Please suggest best way/solution to achieve this.

Thanks

CodePudding user response:

This command will remove an AD Group for you.

Remove-ADGroup

CodePudding user response:

This should help you

Get-ADGroup will get all the groups, Get-ADGroupMember will get all the member then Move-ADObject will move the group to another OU

$AdGroups = Get-ADGroup -filter * | Select-Object -ExpandProperty Name

foreach($ADgroup in $ADgroups){ 

Get-ADGroupMember "$ADgroup" | ForEach-Object {Remove-ADGroupMember "$ADgroup" $_ -Confirm:$false}

Move-ADObject -Identity $AGroup -TargetPath "OU=disable,DC=test,DC=local"

}

Page link:https//www.codepudding.com/Mobile/115250.html

Prev:Powershell command to identify all the Windows type and UNIX type text file
Next:Powershell if statement into foreach loop from csv
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding