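I am trying to remove a user from all groups, including the "Domain Users" group in Active Directory. I have switched the user to a new primary group and am able to remove the user from all other groups except "Domain Users".
The "Domain Users" group is no longer the primary group, but I still cannot remove the user from the "Domain Users" group.
Is this code incorrect?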
Get-ADUser -Filter "SamAccountName -eq '$samname'" -Properties MemberOf | ForEach-Object {$_.MemberOf | Remove-ADGroupMember -Members $users -Confirm:$false}
I have also tried:
Remove-ADGroupMember -Identity "Domain Users" -Members $user -Confirm:$false
But I get the same insufficient access rights error.
$groups = $user.Groups
$users = Get-ADUser -Filter "SamAccountName -eq '$samname'"
$groupname = Get-ADGroup -Filter "SamAccountName -eq '$groups'"
foreach ($group in $groups) {
    $groupmember = Get-ADGroupMember -Identity $group
    if ($groupmember.SamAccountName -notcontains $users) {
        Add-ADGroupMember -Identity $groupname -Members $users
        $setprigroup = Get-ADGroup $groupname -properties primaryGroupToken
        Get-ADUser -Filter "SamAccountName -eq '$samname'" | Set-ADUser -replace @{primaryGroupID=$setprigroup.primaryGroupToken}
        Get-ADUser -Filter "SamAccountName -eq '$samname'" -Properties MemberOf | ForEach-Object {$_.MemberOf | Remove-ADGroupMember -Members $users -Confirm:$false}
    }
}