Search the Community
Showing results for tags 'kerberos'.
Hi all, I have the following line of code in a PowerShell file, intended to remove a user from all Active Directory groups beginning with an @ symbol; Get-ADGroup -Filter 'name -like "@*"' | Remove-ADGroupMember -Members $UserID It actually works fine, and successfully removes them from the correct groups, however the script locks my admin account every time it's run. Weird! I suspect it's to do with it 'using up' my Kerberos authentication tokens (it uses too many, as it runs for every single AD group beginning with @), or it thinks I'm trying to do something malicious because I'm sending such a large amount of commands in a short time? Is there a way for me to amend this line of code, so that instead of running Remove-ADGroupMember for every single @ group in the Active Directory, it only runs for the groups that the user is a member of? Or any other ideas? Thank you.