1.特定组中移除禁用账号
$group= "testgroup"
$members = Get-ADGroupMember -Identity $group
foreach ($memeber in $members){
$user= Get-ADUser -Identity $memeber
if($user.Enabled -eq $false){
Remove-ADGroupMember $group $user -Confirm:$false
}
}
- 所有组中删除禁用用户
$grouplist = Get-ADGroup -SearchBase "OU=test,dc=test,dc=com" -Filter 'GroupCategory -eq "Distribution"' -SearchScope OneLevel
foreach ($group in $grouplist){
$members = Get-ADGroupMember -Identity $group
foreach ($member in $members){
$user = Get-ADUser -Identity $member
if($user.Enabled -eq $false){
Remove-ADGroupMember -Identity $group -Members $user -Confirm:$false
}
}
}
脚本2:
$users = Get-ADUser -Filter {enabled -eq "false"} -SearchBase "ou=test,dc=test,dc=com"
foreach ($user in $users ) {
Get-ADPrincipalGroupMembership -Identity $user | ?{$_.name -ne "domain users"} | %{Remove-ADPrincipalGroupMembership -Identity $user -MemberOf $_ -Confirm:$false}
}
经测试,顺利删除已禁用账号。
