Azure ad - Powershell - remove user from group a if they are a member of group b
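Hello IT professionals,
I need some help. I am trying to create a PowerShell script that checks whether a user is a member of group B and, if they are, removes them from group A. I am still very new to PowerShell and scripting, so I am running into some trouble and was wondering if I could get some help!
This is what I have so far; all I can do is list the members of group B.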
Get-AzureADGroupMember -ObjectId "90e136ce-f573-4b4f-9990-21a314963de2"
# Get all members of the GroupB.
Foreach ($ObjectId In Get-AzureADGroupMember -ObjectId "90e136ce-f573-4b4f-9990-21a314963de2")
{
    If ((Get-AzureADGroupMember -ObjectId "746e5b45-9368-434c-bab1-5d5b7baea075" -Contains $ObjectId))
    {
        # Remove that user from GroupA
        Remove-AzureADGroupMember -ObjectId "746e5b45-9368-434c-bab1-5d5b7baea075" -Members $ObjectId
    }
}
I found some PowerShell scripts, but I can't get them to work for Azure AD.
# Get all members of the GroupB.
Foreach ($User In Get-ADGroupMember -Identity "Group B")
{
    # If they are a 'MemberOf' GroupA
    If ((Get-ADUser $User.SamAccountName -Properties MemberOf).MemberOf -Contains "Group A")
    {
        # Remove that user from GroupA
        Remove-ADGroupMember -Identity "Group A" -Members $User.SamAccountName
    }
}
I would really appreciate any help with this!
Below are the snippets.
If you are doing this for a single user:
$user_upn = "<USER UPN>"
# Get all members of group B
$users = Get-AzureADGroupMember -ObjectId "<GROUP B ID>" -All $true
# Look for the specific user; if the user is in group B, remove that user from group A
$users | Where-Object { $_.UserPrincipalName -eq $user_upn } | ForEach-Object { Remove-AzureADGroupMember -ObjectId "<GROUP A ID>" -MemberId $_.ObjectId }
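Explanation
Get all members of group B and store them in the variable $users.
Check (filter) whether the required member is present in the $users variable and, if so, go ahead and remove that member from group A.
If you want to do this for a list of UPNs in a file, you can refer to the following snippet.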
# Get the list of UPNs of the users for whom the process needs to be carried out
$user_upns = Get-Content "C:\ListUPN.txt"
# Get all users from group B (fetched once, outside the loop, since the list is the same for every UPN)
$users = Get-AzureADGroupMember -ObjectId "<GROUP B ID>" -All $true
# Iterate through each UPN
foreach ($user_upn in $user_upns)
{
    Write-Host "Working on the $user_upn" -ForegroundColor Green
    # Look for the specific user; if the user is in group B, remove that user from group A
    $users | Where-Object { $_.UserPrincipalName -eq $user_upn } | ForEach-Object { Remove-AzureADGroupMember -ObjectId "<GROUP A ID>" -MemberId $_.ObjectId }
}
This was answered for me on another forum: https://www.reddit.com/r/AZURE/comments/k910l4/azure_ad_powershell_help_user_group_memberships/
Credit to TheStig1293 on Reddit
#Store the members of each group in a variable. -All $true returns every member; without it only the first 100 are returned.
$GroupA = Get-AzureADGroupMember -ObjectId '746e5b45-9368-434c-bab1-5d5b7baea075' -All $true
$GroupB = Get-AzureADGroupMember -ObjectId '90e136ce-f573-4b4f-9990-21a314963de2' -All $true
#Using Compare-Object to compare the members of the groups and then using Where-Object to select the ones that are in both groups. This is stored in a variable called $diff.
$diff = Compare-Object -ReferenceObject $GroupB.ObjectId -DifferenceObject $GroupA.ObjectId -IncludeEqual | Where-Object { $_.SideIndicator -eq "==" }
#Using foreach to go through each user in $diff and then removing them. We are referencing the InputObject property as the Object ID because if you look at the output of Compare-Object, that is the anchor for the comparison.
foreach ($user in $diff) {
    #I included this so you can verify manually they are the users you would like to remove prior to removing.
    #Get-AzureADUser -ObjectId $user.InputObject
    Remove-AzureADGroupMember -ObjectId '746e5b45-9368-434c-bab1-5d5b7baea075' -MemberId $user.InputObject
}
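A dry-run-capable version of the cleanup discussed in this thread, as an added example that is not from any of the posters: it removes only user objects that are in both groups, honours -WhatIf, and emits one audit record per overlapping user. The function name, its parameters and the sample members are hypothetical.

```powershell
# Added example; function and parameter names are hypothetical, not from the thread.
function Remove-OverlapFromGroupA {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [guid] $GroupAId,   # [guid] rejects a mistyped group ID
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $GroupAMembers,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $GroupBMembers
    )
    # Index group B by ObjectId; an empty group simply yields no matches.
    $inB = [System.Collections.Generic.HashSet[string]]::new()
    foreach ($m in $GroupBMembers) { [void]$inB.Add([string]$m.ObjectId) }

    foreach ($member in $GroupAMembers) {
        # Members can also be devices, service principals or nested groups.
        if ($member.ObjectType -ne 'User') { continue }
        if (-not $inB.Contains([string]$member.ObjectId)) { continue }

        $status = 'NotRemoved'   # stays this way under -WhatIf or a declined -Confirm
        if ($PSCmdlet.ShouldProcess($member.UserPrincipalName, "Remove from group $GroupAId")) {
            try {
                Remove-AzureADGroupMember -ObjectId $GroupAId -MemberId $member.ObjectId -ErrorAction Stop
                $status = 'Removed'
            } catch {
                $status = "Failed: $($_.Exception.Message)"
            }
        }
        # One record per overlapping user, suitable for Export-Csv as an audit trail.
        [pscustomobject]@{
            UserPrincipalName = $member.UserPrincipalName
            ObjectId          = $member.ObjectId
            Status            = $status
        }
    }
}

# Constructed sample members, not real directory objects. -WhatIf changes nothing.
$sampleA = @(
    [pscustomobject]@{ ObjectId = '11111111-1111-1111-1111-111111111111'; ObjectType = 'User';  UserPrincipalName = 'alice@example.com' }
    [pscustomobject]@{ ObjectId = '22222222-2222-2222-2222-222222222222'; ObjectType = 'User';  UserPrincipalName = 'bob@example.com' }
    [pscustomobject]@{ ObjectId = '33333333-3333-3333-3333-333333333333'; ObjectType = 'Group'; UserPrincipalName = $null }
)
$sampleB = @($sampleA[0], $sampleA[2])
Remove-OverlapFromGroupA -GroupAId ([guid]::Empty) -GroupAMembers $sampleA -GroupBMembers $sampleB -WhatIf

# Live use, after Connect-AzureAD (-All $true pages past the first 100 members):
# $a = @(Get-AzureADGroupMember -ObjectId '<GROUP A ID>' -All $true)
# $b = @(Get-AzureADGroupMember -ObjectId '<GROUP B ID>' -All $true)
# Remove-OverlapFromGroupA -GroupAId '<GROUP A ID>' -GroupAMembers $a -GroupBMembers $b -WhatIf
```

With the constructed sample, only alice@example.com is reported: bob is not in group B and the nested group is skipped. Drop -WhatIf from the live call once the reported list matches the users you intend to remove.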