Jump to content

PowerShell - Remove-ADGroupMember - Locking my admin account


Recommended Posts

Hi all,

I have the following line of code in a PowerShell file, intended to remove a user from all Active Directory groups beginning with an @ symbol;

Get-ADGroup -Filter 'name -like "@*"' | Remove-ADGroupMember -Members $UserID

It actually works fine, and successfully removes them from the correct groups, however the script locks my admin account every time it's run. Weird!

I suspect it's to do with it 'using up' my Kerberos authentication tokens (it uses too many, as it runs for every single AD group beginning with @), or it thinks I'm trying to do something malicious because I'm sending such a large amount of commands in a short time?

Is there a way for me to amend this line of code, so that instead of running Remove-ADGroupMember for every single @ group in the Active Directory, it only runs for the groups that the user is a member of? Or any other ideas?

Thank you.

Link to comment
Share on other sites

That shouldn't lock out your account as far as I know.  However, this is probably a better way to get what you want.  It will target only the groups that your user is associated with and remove them from each.

Get-ADPrincipalGroupMembership $UserID | ? { $_.Name -like "@*" } | Select Name | % { Remove-ADGroupMember $_ -Members $UserID }

Forgot that you're looking for group names with "@" so I fixed it to include only those groups.

Edited by sud0nick
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...