定位两个OU中的所有用户并删除通讯组列表 [英] Target all users in two OU's and remove Distribution Lists

问题描述

希望在这里获得一些帮助-我环顾了整个网站，但没有看到任何类似的东西（如果有，请直接告诉我，但我错过了）。

hoping to get a little help here – I looked around the site but didn’t see anything quite like this (please direct me if there IS and I missed it).

我需要在我们的用户下岗流程中加入一个新步骤，这会将它们从任何广告分发列表中删除。我想将其设置为计划任务，使其在两个OU上每晚运行一次，可以在其中找到未激活的用户帐户。

I need to incorporate a new step in our user offboarding process, which would remove them from any AD Distribution Lists. I would like to set this up as a scheduled task to run once a night against two OU’s where the inactivated user accounts can be found.

我想运行此任务通过将其指向USERS而不是Distro Lists所在的OU，因为我怀疑我们最终也会收到将这些用户也从其他类型的组中删除的请求。

I’d like to run this by pointing it at the USERS instead of the OU where the Distro Lists live, because I suspect that we’ll ultimately get the request to remove these users from OTHER types of group as well.

此代码段将从一个用户中删除AD发行列表，但不保留所有其他类型的AD组：

This snippet will remove AD Distro Lists from a single user, but leave all other types of AD groups alone:

#  GroupCategory 0 = Distro List
#  GroupCategory 1 = Security Group

#  GroupScope 0 = DomainLocal
#  GroupScope 1 = Global
#  GroupScope 2 = Universal 

$user = "userlogon"
Get-ADPrincipalGroupMembership -Identity $user|
Where {$_.GroupCategory -eq 0} |
ForEach {Remove-ADPrincipalGroupMembership -Identity $user -MemberOf $_ -Confirm:$false} 

此代码段将查看OU并返回一些信息（这只是我在-searchbase中使用变量的示例）：

THIS snippet will look at an OU and return some info (just my example for using a variable with -searchbase):

$OUs = 'OU=PendingDeletion,OU=Users,DC=Stuff,DC=Place,DC=net','OU=HoldForReview,OU=Users,DC=Stuff,DC=Place,DC=net'


$OU | ForEach {Get-ADGroup -Filter * -Properties ManagedBy -SearchBase $_ } |
 Select Name, ManagedBy |
 Sort -Property Name
 Out-GridView 

BUT –可以放在一起吗为了完成我的目标，我会做这样的事情吗？我在这里有点儿不足，对任何重写的建议都表示赞赏：

BUT – Does it hold together that in order to complete my objective, I would do something like this?! I'm a bit out of my depth here, any advice for a re-write is appreciated:

$OUs = 'OU=PendingDeletion,OU=Users,DC=Stuff,DC=Place,DC=net','OU=HoldForReview,OU=Users,DC=Stuff,DC=Place,DC=net'
 $user = "*"

$OUs | ForEach {
        Get-ADPrincipalGroupMembership -Identity $user|
        Where {$_.GroupCategory -eq 0} |
        ForEach {Remove-ADPrincipalGroupMembership -Identity $user -MemberOf $_ -Confirm:$false}
              } 

在PoSh中总是有几种方法可以做一些事情，所以我敢肯定，有一种简单的方法可以完成同样的事情。如果有人使用其他方法，请随时提出其他选择。

There’s always a couple of ways to do stuff in PoSh, so I’m sure there’s a less-complicated way to do the same thing. If anyone has a different approach please feel free to suggest an alternative.

感谢您的关注！

推荐答案

所以听起来您需要三个循环。

So it sounds like you need three loops.

首先，您需要遍历OU列表以获取用户。我们将用户对象存储在 $ Users

First, you will need to loop over the OU list to get the Users. We'll store the user objects in $Users

$OUs = 'OU=PendingDeletion,OU=Users,DC=Stuff,DC=Place,DC=net','OU=HoldForReview,OU=Users,DC=Stuff,DC=Place,DC=net'
$Users = ForEach ($OU in $OUs) {
    Get-ADUser -Filter * -SearchBase $OU 
}

下一步遍历用户以获取要删除的组。然后在组上循环以删除每个组。

Next loop over the users to get the groups that you want to remove. Then loop over the groups to remove each one.

ForEach ($User in $Users) {
    Get-ADPrincipalGroupMembership -Identity $user |
    Where-Object {$_.GroupCategory -eq 0} |
    ForEach-Object {
        Remove-ADPrincipalGroupMembership -Identity $user -MemberOf $_
    }
} 

这篇关于定位两个OU中的所有用户并删除通讯组列表的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！