PowerShell – Remove Members from AD Groups in bulk


Hi All,

Today we will continue from where we left off in the previous article, wherein we found out the Group Membership for AD groups.

Imagine that after retrieving the information you now have to remove members from AD Groups as a group clean up activity. If you are interested in finding out the empty groups in AD, please head over here.

Now there are several ways that you can remove members from a group. The simplest of all is by using Remove-ADGroupMember.

Let us see the examples associated with this cmdlet.

Get-Help Remove-ADGroupMember -Examples


As you can see in the Examples, we need to know the Members that are part of the group in order to remove them from the group. This is fine if you are performing the activity on a couple of groups; we can do so from the GUI or using PowerShell and it wouldn’t take much time.

If I had to perform the same say on 500 groups, it is impossible for me to know which member is part of which group and to be frank, I don’t know how to perform this using Remove-ADGroupMember.

I would recommend using this cmdlet only if you have to remove Members whose list is readily available along with the group details.

So I went a step ahead to find out if there was any other cmdlet that would help us achieve this in bulk and that’s when I came across the Remove-ADPrincipalGroupMembership cmdlet. This is going to be perfect for our needs right now.

So let us take a look at the final script and how we are going to remove members from AD groups in bulk.

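# Read the group names, one per line
$Groups = Get-Content C:\Groups.txt
foreach ($Group in $Groups) {
    # Remove every current member of the group without prompting
    Get-ADGroupMember -Identity $Group | Remove-ADPrincipalGroupMembership -MemberOf $Group -Confirm:$false
}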

First of all, we are going to write down all the groups in a text file called Groups.txt with one group per line.

Then, using a foreach loop, we are going to use Get-ADGroupMember to list out all the Members of the group and pipe them to the Remove-ADPrincipalGroupMembership cmdlet.

Also notice that we are using the parameter -Confirm and setting it to False. The reason we are doing this is that otherwise it is going to keep asking us, for each user, if we really want to remove them.
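Because -Confirm:$false removes every member silently, a more cautious variant of the script above records the membership before changing it and supports a dry run. This is an added example, not the author's code; the function name Remove-AllGroupMembers and the backup path C:\GroupMembers-Backup.csv are assumptions.

```powershell
# Added example: the function name and backup path are hypothetical, not from the original post.
Import-Module ActiveDirectory

function Remove-AllGroupMembers {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$GroupList  = 'C:\Groups.txt',               # one group per line, as in the post
        [string]$BackupPath = 'C:\GroupMembers-Backup.csv'   # hypothetical rollback file
    )

    # Ignore blank lines and stray whitespace in the input file
    $groups = Get-Content -Path $GroupList | ForEach-Object { $_.Trim() } | Where-Object { $_ }

    foreach ($group in $groups) {
        try {
            # -ErrorAction Stop turns a mistyped group name into a catchable error
            $members = @(Get-ADGroupMember -Identity $group -ErrorAction Stop)
        }
        catch {
            Write-Warning "Skipping '$group': $($_.Exception.Message)"
            continue
        }

        if ($members.Count -eq 0) {
            Write-Verbose "'$group' is already empty"
            continue
        }

        # Record who was in the group before touching it, so the change can be reversed.
        # -WhatIf:$false makes the snapshot get written even during a dry run.
        $members |
            Select-Object @{ Name = 'Group'; Expression = { $group } },
                          SamAccountName, objectClass, distinguishedName |
            Export-Csv -Path $BackupPath -Append -NoTypeInformation -WhatIf:$false

        # Same removal as the script above; the function's -WhatIf is passed through explicitly
        $members | Remove-ADPrincipalGroupMembership -MemberOf $group -Confirm:$false -WhatIf:$WhatIfPreference
    }
}

# Dry run first, then the real change once the output and the CSV look right:
# Remove-AllGroupMembers -WhatIf
# Remove-AllGroupMembers
```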

I hope this was informative and thank you for reading!



About Author

I am Adil Arif, working as a Senior Technical Support Engineer at Rubrik as well as an independent blogger and founder of Enterprise Daddy. In my current role, I am supporting infrastructure related to Windows and VMware datacenters.
