distribution – Mohammed Wasay

Remove disabled users from Distribution Lists & Security Groups in Active Directory

November 10, 2016 by mo wasay

One of my clients had several disabled users showing up in distribution lists and security groups and this was creating unnecessary noise in email, alerts, etc. I highly encourage all administrators to keep their AD neat and tidy. The following PowerShell script searches for disabled users in Groups and Distribution Groups and removes them:

# This script removes all disabled users from all security and distribution groups in the specified "searchOU"

Import-Module ActiveDirectory

$searchOU = "OU=Groups,DC=domain,DC=local"

$adgroup = Get-ADGroup -Filter 'GroupCategory -eq "Security" -or GroupCategory -eq "Distribution"' -SearchBase $searchOU
$adgroup | ForEach-Object{ $group = $_
	Get-ADGroupMember -Identity $group -Recursive | %{Get-ADUser -Identity $_.distinguishedName -Properties Enabled | ?{$_.Enabled -eq $false}} | ForEach-Object{ $user = $_
		$uname = $user.Name
		$gname = $group.Name
		Write-Host "Removing $uname from $gname" -Foreground Yellow
		Remove-ADGroupMember -Identity $group -Member $user -Confirm:$false
	}
}

# This script removes all disabled users from all security and distribution groups in the specified "searchOU"

Import-Module ActiveDirectory

$searchOU = "OU=Groups,DC=domain,DC=local"

$adgroup = Get-ADGroup -Filter 'GroupCategory -eq "Security" -or GroupCategory -eq "Distribution"' -SearchBase $searchOU

$adgroup | ForEach-Object{ $group = $_

Get-ADGroupMember -Identity $group -Recursive | %{Get-ADUser -Identity $_.distinguishedName -Properties Enabled | ?{$_.Enabled -eq $false}} | ForEach-Object{ $user = $_

$uname = $user.Name

$gname = $group.Name

Write-Host "Removing $uname from $gname" -Foreground Yellow

Remove-ADGroupMember -Identity $group -Member $user -Confirm:$false

}

Find out ‘in cloud’ Distribution Groups

November 3, 2016November 3, 2016 by mo wasay

Microsoft Teams was announced yesterday and many want to jump right in. I noticed when users wanted to create teams, new distribution groups started getting added. I wanted to find out my ‘In cloud’ distribution groups and was surprised there was no property for the item. I was able to find out the groups … Read moreFind out ‘in cloud’ Distribution Groups

Remove group membership of disabled accounts

August 22, 2016April 25, 2016 by mo wasay

Majority of the system administrators I’ve met forget this very important rule. When an account is not needed remove its membership from the security/ distribution groups, otherwise you get disabled account showing up in groups, and that looks ugly. You will need Quest ActiveRoles for Powershell installed to get this working. Depending on the size … Read moreRemove group membership of disabled accounts