Friday, September 3, 2010

Remove Disabled Accounts from AD Groups

I follow various blogs and one of them is Dmitry's PowerShell blog. He recently posted an article on how to remove disabled accounts from AD groups using the Quest cmdlets. While his solution is easy, I was wondering if I could do it in plain AD PowerShell. The solution was reasonably simple and here it is…
Import-Module ActiveDirectory
$GroupNameforeach ($Member in $GroupMembers) { 
    $User = Get-ADUser $Member -Properties Enabled     
     if ($User.Enabled -eq $False) {  
        Remove-ADGroupMember $GroupName $User -Confirm:$false

Quest has some great tools but I don't like installing things on my servers and that's just where I tend to run my AD cleanup jobs from

1 comment:

  1. Unexpected token '(' in expression or statement.
    At C:\Windows\system32\ClearCYVM.ps1:4 char:20
    + $GroupNameforeach ( <<<< $Member in $GroupMembers) {
    + CategoryInfo : ParserError: ((:String) [], ParseException
    + FullyQualifiedErrorId : UnexpectedToken