The Powershell script below allows you to add all the disabled users to a distribution group for easy account management.
$group = (Get-ADGroup 'DistributionGroup_1').DistinguishedName
$users = Get-ADUser -Filter {(Enabled -eq $false) -and (-not (memberof -eq $group))} -SearchBase "OU=Test,OU=TestTest,DC=gh,DC=local"
foreach ($user in $users) {
Get-ADPrincipalGroupMembership -Identity $user | % {Remove-ADPrincipalGroupMembership -Identity $user -MemberOf $_}
Add-ADPrincipalGroupMembership -identity $user -Memberof "Domain Users","DistributionGroup_1"
}
No comments:
Post a Comment