We Keep Coding

Remove member of all groups active directory

I have 2 server in my company one is Us.local(<--main domain) and 2nd is India.local
we get the bulk termination in our india.local domain and I want to remove all AD groups from the tab. I am using the below mentioned script to remove all members of groups.
Note: There is no issue with users account we can disable and remove groups manually
$users= import-CSv -Path C:\Users\Desktop\DisableUsers.csv
$totalcount = $users.Count
write-host $totalcount
$currentCount = 1
Foreach ($u in $users)
{
#Remove members from DL (AD)
Get-ADUser -Server:"addc45.india.local" $u.UserID -Properties MemberOf | Select -Expand MemberOf | %{Remove-ADGroupMember $_ -member $u.UserID -Confirm:$false }
Write-host "Disabled" $u.UserID $currentCount "/" $totalcount
$currentCount++
}
I am getting the below mentioned error every time I use powershell.
Remove-ADGroupMember : A referral was returned from the server
At line:15 char:125
+ ... emberOf | %{Remove-ADGroupMember $_ -member $u.UserID -Confirm:$false ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (CN=VDI-IN-EQ-SV...health,DC=local:ADGroup) [Remove-ADGroupMember], ADReferralException
+ FullyQualifiedErrorId : ActiveDirectoryServer:8235,Microsoft.ActiveDirectory.Management.Commands.RemoveADGroupMember
Remove-ADGroupMember : Cannot find an object with identity: 'IN100040' under: 'DC=US,DC=local'.
At line:15 char:125
+ ... emberOf | %{Remove-ADGroupMember $_ -member $u.UserID -Confirm:$false ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (IN100040:ADPrincipal) [Remove-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : SetADGroupMember.ValidateMembersParameter,Microsoft.ActiveDirectory.Management.Commands.RemoveADGroupMember

PS error when enforcing Smartcard attribute

I am receiving error message when running the following script, any idea why?
PS C:\Users\npevltdisdddtda_1> $userList = Import-Csv C:\temp\Text.csv
foreach ($user in $userList) {
# Get-ADUser -Filter "SamAccountName -eq '$($user.SamAccountName)'" | {Set-ADUser -SmartCardLogonRequired:$true}
Get-ADUser -filter "SamAccountName -eq '$($user.SamAccountName)'" | {Set-ADUser -SmartcardLogonRequired:$true}
}
At line:5 char:77
+ ... ($user.SamAccountName)'" | {Set-ADUser -SmartcardLogonRequired:$true}
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Expressions are only allowed as the first element of a pipeline.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : ExpressionsMustBeFirstInPipeline

Script to add users of particular AD OU to another AD group

Running Powershell as an admin
I would like to have a script that I can run daily to add users from "cn=users,dc=costco,dc=com" to an AD group "groupname" "CN=groupname,OU=Groups,DC=costco,DC=com"
$When = (Get-Date).AddDays(-1).Date
Get-ADUser -SearchBase 'cn=users,dc=costco,dc=com' -Filter { whenCreated -ge $When } | add-adgroupmember -MemberOf 'groupname'
it errors out with
Add-ADGroupMember : A parameter cannot be found that matches parameter
name 'MemberOf'. At line:2 char:111
+ ... ilter { whenCreated -ge $When } | add-adgroupmember -MemberOf 'groupname ...
+ ~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Add-ADGroupMember], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember
I have also tried with the help of a redditor
When = (Get-Date).AddDays(-1).Date
Get-ADUser -SearchBase 'CN=users,dc=costo,dc=com' -Filter { whenCreated -ge $When } | ForEach-Object { Add-ADGroupMember -Identity 'Groupname' -Members $_ }
Error:
Add-ADGroupMember : Insufficient access rights to perform the
operation At line:2 char:109
+ ... ach-Object {Add-ADGroupMember -Identity ‘groupname’ -Members $_ } ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (groupname:ADGroup) [Add-ADGroupMember], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:8344,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember

To make your first example work, you need to supply the pipeline value to the command, instead of trying to pass it in on the actual pipeline.
Try:
$group = "NewUsers"
Get-ADUser -SearchBase 'cn=users,dc=costco,dc=com' -Filter { whenCreated -ge $When } | %{ Add-ADGroupMember -Identity $Group -Members $_.samaccountname }

piping get-aduser output to set-aduser within a foreach loop

I am trying to get a list of users where the telephone attrib is null and update the atrrib with a phone number, so far here is what I have:
$allen=gc "C:\0NIX\03SCRIPTS\TMP\jkirb\allen.txt"
$phonenumber = "972-xxx-xxx"
FOREACH ($user in $allen)
{
$nophone = get-aduser $user -pr *| where {$_.telephonenumber -eq $null} | select samaccountname |ft -HideTableHeaders
Set-ADuser -identity "$nophone" -replace #{telephonenumber="$phonenumber"}
}
Which is erroring with this:
Set-ADuser : Cannot find an object with identity: 'Microsoft.PowerShell.Commands.Internal.Format.FormatStartData Microsoft.PowerShell.Commands.Internal.Format.GroupStartData
Microsoft.PowerShell.Commands.Internal.Format.FormatEntryData Microsoft.PowerShell.Commands.Internal.Format.GroupEndData Microsoft.PowerShell.Commands.Internal.Format.FormatEndData' under:
'DC=bhcs,DC=pvt'.
At line:7 char:1
+ Set-ADuser -identity "$nophone" -replace #{telephonenumber="$phonenumber"}
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Microsoft.Power...t.FormatEndData:ADUser) [Set-ADUser], ADIdentityNotFoundException
+ FullyQualifiedErrorId : Cannot find an object with identity: 'Microsoft.PowerShell.Commands.Internal.Format.FormatStartData Microsoft.PowerShell.Commands.Internal.Format.GroupStartData Mic
rosoft.PowerShell.Commands.Internal.Format.FormatEntryData Microsoft.PowerShell.Commands.Internal.Format.GroupEndData Microsoft.PowerShell.Commands.Internal.Format.FormatEndData' under: 'DC=
bhcs,DC=pvt'.,Microsoft.ActiveDirectory.Management.Commands.SetADUser

You are adding some custom formatting to your object when you use any of the Format-* cmdlets (Format-Table in your case) and this ruins the object for future pipeline use.
Try this instead:
$allen=gc "C:\0NIX\03SCRIPTS\TMP\jkirb\allen.txt"
$phonenumber = "972-xxx-xxx"
FOREACH ($user in $allen)
{
$nophone = get-aduser $user -pr *| where {$_.telephonenumber -eq $null}
Set-ADuser -identity "$nophone" -replace #{telephonenumber="$phonenumber"}
}

How to update user attributes?

I'm trying to write a script that updates every user's msIIS-FTPRoot attribute where the user's description = ‘FTPuser’.
import-module activedirectory
$users = Get-ADUser -SearchBase "dc=NAME,dc=com" -Filter {Description -eq "FTPUser"}
Set-ADUser $users -Replace #{msIIS-FTPRoot='NewTEXT'}
I get the following error:
Missing '=' operator after key in hash literal.
At line:1 char:60
+ Set-ADUser $users -Replace #{msIIS-FTPRoot='\\SOMETEXT\' <<<< }
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : MissingEqualsInHashLiteral

Using quotation marks on the attribute name solves your problem.

Set-ADUser $users -Replace #{'msIIS-FTPRoot'='NewTEXT'}