2.9 Removing Users and Computers from a Group

Remove Single User or Computer from a Group

To remove a user from a group, use the Remove-ADGroupMember cmdlet:

Remove-ADGroupMember -Identity IT-Support -Members ammar.saber

and to remove a computer from a group, use the Remove-ADGroupMember cmdlet:

Remove-ADGroupMember -Identity IT-Support -Members WS-IT-01$

Note: Don’t forget to use the dollar sign $ at the end of the computer name.

Remove Bulk of Users or Computers from a Group

an easy way to remove multiple users or computers from a group is to add them to a csv file and then use the following script:

Import-Csv C:\Users\domain-admin\Desktop\users.csv | ForEach-Object { Remove-ADGroupMember -Identity "IT-Support" -Members $_.users -Verbose }

Remove a User from Multiple Groups

you can remove a user from multiple groups at once, run the following script:

Get-ADUser -Identity ammar.saber -Properties MemberOf | ForEach-Object { $_.MemberOf | Remove-ADGroupMember -Members $_.DistinguishedName -Confirm:$false }

Note: the user will lose all group memberships except Domain Users, which can be removed manually if needed.