From TechNet
Обновил на 2008 PowerShell до 2.0 нет таких команд :(. Нашел другое решение (ниже).
Adding and Removing Members of a Group
Updated: February 28, 2009
Applies To: Windows Server 2008 R2
This topic explains how to use the Active Directory module for Windows PowerShell to add or remove members of a group.
Example 1
The following example demonstrates how to add the user SaraDavis to the group SvcAccPSOGroup:
Add-ADGroupMember -Identity SvcAccPSOGroup -Member SaraDavis
Example 2
The following example demonstrates how to remove the user SaraDavis from the group SvcAccPSOGroup:
Remove-ADGroupMember -Identity SvcAccPSOGroup -Member SaraDavis
Additional information
For a full explanation of the parameters that you can pass to Add-ADGroupMember or Remove-ADGroupMember, at the Active Directory module command prompt, type Get-Help Add-ADGroupMember –detailed or Get-Help Remove-ADGroupMember –detailed, and then press ENTER.
Ставим Quest Active Roles на сервак и делаем простенький скрипт, точнее два скрипта: один на *.ps1 второй *.bat
# запускаем PS с модулями Quest Active Roles и сам исполняемый скрипт
remove.bat
%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe -ImportSystemModules -command
%path%\remove_group_remote.ps1
remove.ps1
# For Auditing your Active Directory
# Produces a list of People within a particular security Group
# In this case, "Domain Admins"
# By changing name of domain, you can query other child domains as well
#
# Requires Quest Active Roles
# Connect to Particular Domain, this is "CONTOSO.LOCAL" an internal Domain Name, but it could just as easily be
# 'ACCOUNTING.CONTOSO.LOCAL' or 'ALASKA.FABRIKAM.COM'
connect-qadservice -service 'baitushum.kg'
' '
#
# 'Domain Admins' can be replaced with any other Group name, including 'Enterprise Admins' or 'Bean Counters'
# should even work on Distribution Lists.
#
remove-qadmemberof -Identity 'Пользователи домена' -group 'Пользователи удаленного рабочего стола'
#add-qadmemberof -Identity 'Пользователи домена' -group 'support_admins'
При необходимости вешаем батник на Планировщик заданий и все окейно работает.
Обновил на 2008 PowerShell до 2.0 нет таких команд :(. Нашел другое решение (ниже).
Adding and Removing Members of a Group
Updated: February 28, 2009
Applies To: Windows Server 2008 R2
This topic explains how to use the Active Directory module for Windows PowerShell to add or remove members of a group.
Example 1
The following example demonstrates how to add the user SaraDavis to the group SvcAccPSOGroup:
Add-ADGroupMember -Identity SvcAccPSOGroup -Member SaraDavis
Example 2
The following example demonstrates how to remove the user SaraDavis from the group SvcAccPSOGroup:
Remove-ADGroupMember -Identity SvcAccPSOGroup -Member SaraDavis
Additional information
For a full explanation of the parameters that you can pass to Add-ADGroupMember or Remove-ADGroupMember, at the Active Directory module command prompt, type Get-Help Add-ADGroupMember –detailed or Get-Help Remove-ADGroupMember –detailed, and then press ENTER.
Ставим Quest Active Roles на сервак и делаем простенький скрипт, точнее два скрипта: один на *.ps1 второй *.bat
# запускаем PS с модулями Quest Active Roles и сам исполняемый скрипт
remove.bat
%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe -ImportSystemModules -command
%path%\remove_group_remote.ps1
remove.ps1
# For Auditing your Active Directory
# Produces a list of People within a particular security Group
# In this case, "Domain Admins"
# By changing name of domain, you can query other child domains as well
#
# Requires Quest Active Roles
# Connect to Particular Domain, this is "CONTOSO.LOCAL" an internal Domain Name, but it could just as easily be
# 'ACCOUNTING.CONTOSO.LOCAL' or 'ALASKA.FABRIKAM.COM'
connect-qadservice -service 'baitushum.kg'
' '
#
# 'Domain Admins' can be replaced with any other Group name, including 'Enterprise Admins' or 'Bean Counters'
# should even work on Distribution Lists.
#
remove-qadmemberof -Identity 'Пользователи домена' -group 'Пользователи удаленного рабочего стола'
#add-qadmemberof -Identity 'Пользователи домена' -group 'support_admins'
При необходимости вешаем батник на Планировщик заданий и все окейно работает.
No comments:
Post a Comment