Help with listing and deleting recursive group memberships

I have a scenario I’m having some trouble with. Here are the requirements:

1. Delete all AD objects as members of nested groups, without deleting the nested group objects themselves
2. Report that the user objects were deleted

I have a scenario where I have a series of groups nested inside another single group. These nested group members must be deleted weekly as part of a scheduled task. There is a report which must be generated which confirms the AD user objects have been removed.

How I have handled this was to list all users of the groups via get-adgroupmember -recursive to a csv, then call a series of remove-adgroupmember for each nested group via hard-coded calls, then do another get-adgroupmember to prove the groups had no members, finally another script to generate an email with the “pre” and “post” .csv attachments… This works, but is ugly.

In a perfect world, I would like to:

1. Enumerate the nested group names inside the “master group”
2. Enumerate the user objects (samaccountname) inside of each nested group
3. Delete the user objects inside of each nested group
4. Document/report these deletions to either a report, csv or a generated email (like send-mailmessage)

Obviously this is way beyond my skillset in PowerShell, so I’m asking if this is possible and/or for help.

submitted by /u/troy12n
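The four steps the post asks for, as an added example script that is not from the original post or its author. It assumes the RSAT ActiveDirectory module is available, that "nested groups" means the groups that are direct members of the master group, and that "delete" means removing the user's membership from each nested group (the post's requirement 1, and what the existing Remove-ADGroupMember approach does), never deleting the user object. The group name, report path and mail settings are placeholders; run it with `-WhatIf` first to get the report without changing anything.

```powershell
#Requires -Modules ActiveDirectory
# Added example: remove user memberships from groups nested under a master group,
# then write (and optionally e-mail) a report proving what was removed and what remains.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [Parameter(Mandatory)] [string] $MasterGroup,   # placeholder, e.g. 'Weekly-Cleanup-Master'
    [string] $ReportPath = "$env:TEMP\nested-cleanup-$(Get-Date -Format yyyyMMdd-HHmm).csv",
    [string] $MailTo,                                # leave empty to skip the e-mail step
    [string] $MailFrom   = 'ad-cleanup@example.com', # placeholder
    [string] $SmtpServer = 'smtp.example.com'        # placeholder
)
Import-Module ActiveDirectory

# Step 1: nested groups = direct members of the master group whose objectClass is 'group'.
# (Get-ADGroupMember -Recursive would flatten everything and lose which group a user came from.)
$nested = Get-ADGroupMember -Identity $MasterGroup | Where-Object objectClass -eq 'group'

$report = foreach ($grp in $nested) {
    # Step 2: user members of this nested group (direct members only, so deeper
    # group objects are left intact).
    $users = Get-ADGroupMember -Identity $grp.DistinguishedName | Where-Object objectClass -eq 'user'

    foreach ($u in $users) {
        $status = 'Skipped (WhatIf)'
        # Step 3: remove the membership; the user object itself is never touched.
        if ($PSCmdlet.ShouldProcess("$($u.SamAccountName) in $($grp.Name)", 'Remove group membership')) {
            try {
                Remove-ADGroupMember -Identity $grp.DistinguishedName -Members $u.DistinguishedName `
                                     -Confirm:$false -ErrorAction Stop
                $status = 'Removed'
            } catch {
                $status = "Failed: $($_.Exception.Message)"
            }
        }
        # Step 4: one report row per (group, user) pair, including failures.
        [pscustomobject]@{
            Timestamp         = Get-Date -Format o
            NestedGroup       = $grp.Name
            SamAccountName    = $u.SamAccountName
            DistinguishedName = $u.DistinguishedName
            Status            = $status
        }
    }
}

# Post-check: re-read every nested group so the report shows what is still there.
$remaining = foreach ($grp in $nested) {
    Get-ADGroupMember -Identity $grp.DistinguishedName |
        Where-Object objectClass -eq 'user' |
        Select-Object @{ n = 'NestedGroup'; e = { $grp.Name } }, SamAccountName
}

$report | Export-Csv -Path $ReportPath -NoTypeInformation
$removedCount   = @($report | Where-Object Status -eq 'Removed').Count
$remainingCount = @($remaining).Count
Write-Host "Processed $(@($report).Count) memberships, removed $removedCount, $remainingCount user memberships remain. Report: $ReportPath"

if ($MailTo) {
    $body = "Removed $removedCount user memberships from $(@($nested).Count) groups nested under '$MasterGroup'. " +
            "Remaining user memberships after cleanup: $remainingCount. Details attached."
    Send-MailMessage -To $MailTo -From $MailFrom -SmtpServer $SmtpServer `
                     -Subject "Nested group cleanup: $MasterGroup" -Body $body -Attachments $ReportPath
}
```

Because the script declares `SupportsShouldProcess`, `.\Cleanup.ps1 -MasterGroup 'Weekly-Cleanup-Master' -WhatIf` produces the full "pre" report with every row marked `Skipped (WhatIf)` and changes nothing; the same run without `-WhatIf` is what the scheduled task would execute. The post-check block replaces the separate "prove the groups are empty" script from the original approach, and `-ErrorAction Stop` inside the `try` makes a failed removal show up as a `Failed:` row instead of being silently skipped.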
