# Удаляем все адм2 УЗ из перечисленных групп.
# записываем лог проделанные действия
$users = Get-ADUser -Filter {name -like "adm2-*"} -Properties memberof,enabled
$ITSM = "3652285"
$now = [datetime]::Now
$logfile = "C:\logs\remove_from_removable_groups.txt"
$Groups = @("" -split "\n" | % {$_.Trim()})
$Groups | % {
$group = $_
#$group
$users | % {
$user = $_
#"removing $user from $group"
$user.memberof|get-adgroup|%{
$memberofgroupname = $_.Name
#$memberofgroupname
if($group -eq $memberofgroupname){
Remove-ADGroupMember -Identity $group -Members $user -Confirm:$false
Set-ADUser -Identity $user -Add @{otherPager="$now DZI del from sensitive grous $ITSM"}
$message = "$now - $($user.SamAccountName) removed from $memberofgroupname"
$message
Out-File -FilePath $logfile -Encoding unicode -Append:$true -InputObject $message
}
}
}
}
Категория: