AD安全组移除禁用账户
移除特定组禁用账户
$group= "group-行政部"
$members = Get-ADGroupMember -Identity $group
foreach ($memeber in $members){
$user= Get-ADUser -Identity $memeber
if($user.Enabled -eq $false){
Remove-ADGroupMember $group $user -Confirm:$false
}
}
移除所有组内禁用账户
$users = Search-ADAccount -AccountDisabled -SearchBase "OU=南京,DC=free,DC=com"
foreach($user in $users)
{
$Membership = Get-ADPrincipalGroupMembership $user
$group = $Membership.distinguishedName -ne "CN=Domain Users,CN=Users,DC=free,DC=com"
Remove-ADPrincipalGroupMembership -identity $User -MemberOf $group -confirm:$False
}