Sunday 15 March 2015

active directory - Powershell Script to search specific OU in AD and find disabled users that is member of a group -




I'm trying to write a script to find disabled users that are members of one or more groups in a specific OU in AD, and then remove the groups from those disabled users. I found a script that removes groups from users in a CSV file, but I'm looking to run this as a scheduled task and would prefer not to process users who have already had their groups removed, without having to move them to a different OU.

import-csv $csvfile | foreach-object {
    # disable the account
    disable-adaccount -identity $_.samaccountname
    # retrieve the user object and memberof property
    $user = get-aduser -identity $_.samaccountname -properties memberof
    # remove group memberships (will leave domain users, as it is not in the memberof property returned by get-aduser)
    foreach ($group in ($user | select-object -expandproperty memberof)) {
        remove-adgroupmember -identity $group -members $user -confirm:$false
    }
}

Any thoughts on how to filter out users with more than 1 group? I'm using this script to export disabled users that have not logged on for 60 days:

get-qaduser -searchroot $oudomain -searchscope onelevel -inactivefor 61 -notloggedonfor 61 -disabled -sizelimit 0

thx

You seem to have the filter-by-OU part down, which is good. You have some thoughts at the beginning of your post, but the actual question is how to filter out users with more than 1 group. Not sure if that is a typo or not, but I read that as checking the count of groups a user has. A more realistic interpretation of that is to filter users that have at least 1 of a list of groups. I'm going to cover both.

the count

I'm sure this is not what you want, but I want to cover the base. The following would work in a Where-Object clause:

if((get-aduser $user -properties memberof).memberof.count -gt 0){process...}

multiple groups

I'm sure this was your intention: locate users that contain 1 of several groups. This is best handled with regex.

$groupsfilter = "citrix_gatekeeper","barracuda_spam_alerts"
$groupsfilter = "($($groupsfilter -join '|'))"
# $groupsfilter in this example is: (citrix_gatekeeper|barracuda_spam_alerts)
if(((get-aduser $user -properties memberof).memberof) -match $groupsfilter){process....}

Create a regex match string based on a string array of multiple groups. If $user is a member of either of the groups, true is returned.

If none of this is of use, I suggest making your question clearer. Hope this helps.

powershell active-directory memberof
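An added example, not part of the original question or answer: a scheduled-task variant that has the domain controller return only disabled users in the OU that still carry memberOf values, so accounts cleaned up on an earlier run are skipped without moving them. The OU path, log path and parameter names are assumptions; the group-name filter anchors on the CN so a short name cannot match inside a longer one.

```powershell
#Requires -Modules ActiveDirectory
# Added example. $SearchBase and $LogPath defaults are placeholders (assumptions).
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$SearchBase = 'OU=Disabled Users,DC=example,DC=com',  # placeholder OU
    [string[]]$GroupNames = @(),   # optional: only remove these groups (by CN); empty = all
    [string]$LogPath = '.\disabled-user-group-cleanup.csv'         # placeholder audit log
)

# Server-side filter: user objects with the ACCOUNTDISABLE bit (2) set in
# userAccountControl AND at least one memberOf value. Users whose groups were
# already removed have no memberOf and are never returned.
$ldapFilter = '(&(objectCategory=person)(objectClass=user)' +
              '(userAccountControl:1.2.840.113556.1.4.803:=2)(memberOf=*))'

# Build an anchored, escaped pattern so "Admins" does not also match
# "CN=Server Admins,..." and regex metacharacters in names are literal.
$cnPattern = if ($GroupNames) {
    '^CN=(' + (($GroupNames | ForEach-Object { [regex]::Escape($_) }) -join '|') + '),'
}

$users = Get-ADUser -LDAPFilter $ldapFilter -SearchBase $SearchBase `
                    -SearchScope OneLevel -Properties MemberOf

foreach ($user in $users) {
    # memberOf holds group distinguished names; the primary group
    # (normally Domain Users) is not listed there and is left alone.
    $groups = @($user.MemberOf)
    if ($cnPattern) { $groups = @($groups -match $cnPattern) }

    foreach ($groupDn in $groups) {
        if ($PSCmdlet.ShouldProcess($groupDn, "Remove $($user.SamAccountName)")) {
            Remove-ADGroupMember -Identity $groupDn -Members $user -Confirm:$false
            # Append one audit row per removal so changes can be reviewed or reverted.
            [pscustomobject]@{
                Time  = (Get-Date).ToString('o')
                User  = $user.SamAccountName
                Group = $groupDn
            } | Export-Csv -Path $LogPath -Append -NoTypeInformation
        }
    }
}
```

Run it once with -WhatIf to list the removals it would make before scheduling it.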
