as title says, I have to find all the groups that the user is a member of, and deleting its membership from all of them.
I've tried this:
get-adgroup -filter * | where {(Get-ADGroupMember $_ | foreach {$_.PrimarySmtpAdress}) -contains "user1@domain.com"}
but it doesnt return anything (although THERE ARE some items that have to be returned)
as for the deletion I found no way to do it, could someone give me an example of a code that does this?
Im talking about security groups.
Best Answer
Assuming that all backlinks are in place, this is a simple 3-step process easily done with powershell:
If you don't want to manually confirm removing the user for each group, use
-Confirm:$false
:Might I add that you probably want to log every group membership you remove, just for the sake of easy recovery. Before removal, print the group DN's to a text file, identifying the user in question:
This will write all the groups into the file and allow for easy and reliable rollback