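# Requires the ActiveDirectory module (RSAT)
Import-Module ActiveDirectory

# Search base: the distinguishedName of an OU, or of the whole domain
$ouPath = "DC=chngalaxy,DC=com"
# Disabled accounts under the search base
$users = Get-ADUser -SearchBase $ouPath -Filter {Enabled -eq $false}
foreach ($user in $users) {
    $userDN = $user.DistinguishedName
    # Groups the disabled account belongs to, except Domain Users
    $groups = Get-ADPrincipalGroupMembership -Identity $userDN | Where-Object { $_.Name -ne "Domain Users" }
    foreach ($group in $groups) {
        # Remove the disabled account from the group without prompting
        Remove-ADGroupMember -Identity $group -Members $user -Confirm:$false
    }
}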

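$ouPath is the distinguishedName attribute value of an OU in the domain; it can also be the domain itself.

The $users variable finds the disabled accounts in the OU.

The foreach loop uses Get-ADPrincipalGroupMembership to get the groups that each disabled account belongs to.

The inner foreach loop goes through those groups and removes the disabled account from each of them.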
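The same cleanup with a record of every membership it touches, as an added example that is not the original author's code. It reports only (via -WhatIf) unless -Apply is given. The $SearchBase default reuses the page's domain DN; the $LogPath file name and the -Apply switch are assumptions made for illustration, and the ActiveDirectory module must be installed.

```powershell
# Added example, not from the original post. $LogPath and -Apply are illustrative names.
param(
    [string]$SearchBase = "DC=chngalaxy,DC=com",
    [string]$LogPath    = ".\disabled-user-group-removal.csv",
    [switch]$Apply      # without -Apply nothing is changed (Remove-ADGroupMember runs with -WhatIf)
)

Import-Module ActiveDirectory -ErrorAction Stop

$records = foreach ($user in Get-ADUser -SearchBase $SearchBase -Filter {Enabled -eq $false}) {
    # Skip Domain Users, as the original script does
    $groups = Get-ADPrincipalGroupMembership -Identity $user.DistinguishedName |
        Where-Object { $_.Name -ne "Domain Users" }

    foreach ($group in $groups) {
        $status = "WhatIf"
        try {
            Remove-ADGroupMember -Identity $group -Members $user -Confirm:$false `
                -WhatIf:(-not $Apply) -ErrorAction Stop
            if ($Apply) { $status = "Removed" }
        }
        catch {
            # Keep going, but record why this membership could not be removed
            $status = "Failed: $($_.Exception.Message)"
        }

        # One row per user/group pair, enough to review or undo the change later
        [pscustomobject]@{
            Timestamp      = (Get-Date).ToString("s")
            SamAccountName = $user.SamAccountName
            UserDN         = $user.DistinguishedName
            GroupDN        = $group.DistinguishedName
            Status         = $status
        }
    }
}

if ($records) {
    $records | Export-Csv -Path $LogPath -NoTypeInformation -Encoding UTF8
}
"{0} membership(s) processed; record file: {1}" -f @($records).Count, $LogPath
```

The CSV keeps the user and group distinguished names, so a removal made in error can be traced and reversed.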

PowerShell script: remove disabled AD accounts from their groups