PowerShell Logo Small

Remove-ADGroupMember



This is the built-in help made by Microsoft for the command 'Remove-ADGroupMember', in PowerShell version 3 - as retrieved from Windows version 'Microsoft Windows Server 2012 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Removes one or more members from an Active Directory group.

SYNTAX


Remove-ADGroupMember [-Identity] <ADGroup> [-Members] <ADPrincipal[]> [-AuthType <ADAuthType>] [-Credential <PSCredential>] [-Partition
<String>] [-PassThru [<SwitchParameter>]] [-Server <String>] [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Remove-ADGroupMember cmdlet removes one or more users, groups, service accounts, or computers from an Active Directory group.


The Identity parameter specifies the Active Directory group that contains the members to remove. You can identify a group by its distinguished
name (DN), GUID, security identifier (SID), or Security Accounts Manager (SAM) account name. You can also specify a group object variable,
such as $<localGroupObject>, or pass a group object through the pipeline to the Identity parameter. For example, you can use the Get-ADGroup
cmdlet to retrieve a group object and then pass the object through the pipeline to the Remove-ADGroupMember cmdlet.


The Members parameter specifies the users, computers and groups to remove from the group specified by the Identity parameter. You can identify
a user, computer or group by its distinguished name (DN), GUID, security identifier (SID), or Security Accounts Manager (SAM) account name.
You can also specify user, computer, and group object variables, such as $<localUserObject>. If you are specifying more than one new member,
use a comma-separated list. You cannot pass user, computer, or group objects through the pipeline to this cmdlet. To remove user, computer, or
group objects from a group by using the pipeline, use the Remove-ADPrincipalGroupMembership cmdlet.


For AD LDS environments, the Partition parameter must be specified except in the following two conditions:


-The cmdlet is run from an Active Directory provider drive.


-A default naming context or partition is defined for the AD LDS environment. To specify a default naming context for an AD LDS environment,
set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance.



<

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/?LinkID=219336
Add-ADGroupMember
Add-ADPrincipalGroupMembership
Get-ADGroup
Get-ADGroupMember
Get-ADPrincipalGroupMembership
Remove-ADPrincipalGroupMembership

REMARKS

<

Examples


-------------------------- EXAMPLE 1 --------------------------

C:\PS>remove-adgroupmember -Identity "DocumentReaders" -Member "WilsonPais"

Confirm
Are you sure you want to perform this action?
Performing operation "Set" on Target "CN=DocumentReaders,CN=Users,DC=Fabrikam,DC=com".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"):



Description

-----------

Remove the user with samAccountName 'WilsonPais' from the group 'DocumentReaders'.




-------------------------- EXAMPLE 2 --------------------------

C:\PS>remove-adgroupmember "DocumentReaders" "administrator","Wilson Pais"



Description

-----------

Remove the users with samAccountNames 'administrator' and 'WilsonPais' from the group 'DocumentReaders'.




-------------------------- EXAMPLE 3 --------------------------

C:\PS>get-adgroup -server localhost:60000 "CN=AccessControl,DC=AppNC" | remove-adgroupmember -member "CN=GlenJohns,DC=AppNC"

Confirm
Are you sure you want to perform this action?
Performing operation "Set" on Target "CN=AccessControl,DC=AppNC".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"):



Description

-----------

Remove the user with DistinguishedName 'CN=GlenJohns,DC=AppNC' from the AccessControl group on an AD LDS instance using the pipeline.