Add and Remove Computers from Groups Using PowerShell
These two scripts add a domain-joined computer to a domain group and remove it again. It's much quicker than typing out the whole cmdlet string each time you need it.
Script One: Add a computer to a group.
Usage: Add_ComputerToGroup <ComputerName> <GroupName>
# xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# Filename : Add_ComputerToGroup.ps1
# Purpose  : Adds a computer object to an Active Directory group. The group
#            and the computer must both already be present in Active
#            Directory.
# Versions : 2017.05.15 - Created.

Param(
    [Parameter(Mandatory=$True)][string]$Computer,
    [Parameter(Mandatory=$True)][String]$Group
)

# Load the Active Directory cmdlets used below.
Import-Module ActiveDirectory

# Set the ErrorActionPreference to SilentlyContinue, because the -ErrorAction
# option doesn't work with Get-ADComputer or Get-ADGroup.
$ErrorActionPreference = "SilentlyContinue"

# Get the computer and group from AD to make sure they are valid.
$ComputerObject = Get-ADComputer $Computer
$GroupObject = Get-ADGroup $Group

if ($ComputerObject) {
    if ($GroupObject) {
        # If both the computer and the group exist, add the computer to the
        # group. -ErrorAction Stop sends a failed change (for example, access
        # denied) to the catch block instead of reporting it as a success.
        try {
            Add-ADGroupMember $Group `
                -Members $ComputerObject.DistinguishedName -ErrorAction Stop
            Write-Host " "
            Write-Host "The computer, ""$Computer"", has been added to the group, ""$Group""." `
                -ForegroundColor Yellow
            Write-Host " "
        } catch {
            Write-Host " "
            Write-Host "I could not add ""$Computer"" to ""$Group"": $($_.Exception.Message)" `
                -ForegroundColor Red
            Write-Host " "
        }
    } else {
        Write-Host " "
        Write-Host "I could not find the group, ""$Group"", in Active Directory." `
            -ForegroundColor Red
        Write-Host " "
    }
} else {
    Write-Host " "
    Write-Host "I could not find the computer, $Computer, in Active Directory." `
        -ForegroundColor Red
    Write-Host " "
}
Script Two: Remove a computer from a group.
Usage: Remove_ComputerFromGroup <ComputerName> <GroupName>
# xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# Filename : Remove_ComputerFromGroup.ps1
# Purpose  : Removes a computer object from an Active Directory group. The
#            group and the computer must both already be present in Active
#            Directory.
# Versions : 2017.05.15 - Created.

Param(
    [Parameter(Mandatory=$True)][string]$Computer,
    [Parameter(Mandatory=$True)][String]$Group
)

# Load the Active Directory cmdlets used below.
Import-Module ActiveDirectory

# Set the ErrorActionPreference to SilentlyContinue, because the -ErrorAction
# option doesn't work with Get-ADComputer or Get-ADGroup.
$ErrorActionPreference = "SilentlyContinue"

# Get the computer and group from AD to make sure they are valid.
$ComputerObject = Get-ADComputer $Computer
$GroupObject = Get-ADGroup $Group

if ($ComputerObject) {
    if ($GroupObject) {
        # If both the computer and the group exist, remove the computer from
        # the group. -ErrorAction Stop sends a failed change (for example,
        # access denied) to the catch block instead of reporting it as a
        # success.
        try {
            Remove-ADGroupMember $Group `
                -Members $ComputerObject.DistinguishedName -Confirm:$False `
                -ErrorAction Stop
            Write-Host " "
            Write-Host "The computer, ""$Computer"", has been removed from the group, ""$Group""." `
                -ForegroundColor Yellow
            Write-Host " "
        } catch {
            Write-Host " "
            Write-Host "I could not remove ""$Computer"" from ""$Group"": $($_.Exception.Message)" `
                -ForegroundColor Red
            Write-Host " "
        }
    } else {
        Write-Host " "
        Write-Host "I could not find the group, ""$Group"", in Active Directory." `
            -ForegroundColor Red
        Write-Host " "
    }
} else {
    Write-Host " "
    Write-Host "I could not find the computer, $Computer, in Active Directory." `
        -ForegroundColor Red
    Write-Host " "
}
Nice job – it works very fine
To remove all devices from a group:
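Import-Module ActiveDirectory
CLS
$Groupname = "Insert AD Group Name Here"
# Collect the members as plain sAMAccountName strings; -Members cannot bind
# the wrapper objects that "select sAMAccountName" returns.
$Comps = @(Get-ADGroupMember -Identity $Groupname -Recursive | Select-Object -ExpandProperty sAMAccountName)
foreach ($Comp in $Comps) {
    # Remove each member without prompting for confirmation.
    Remove-ADGroupMember -Identity $Groupname -Members $Comp -Confirm:$false
}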
The PowerShell help provided on this site was excellent, thank you all.
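An added example, not part of the original post or its comments: one way to empty a group of its computer objects with a preview step and a per-object result. It limits removal to direct members whose objectClass is computer, supports -WhatIf and -Confirm, and returns one record per computer. The function name Remove-AllComputersFromGroup and the sample group name are hypothetical, and the ActiveDirectory module is assumed to be installed.

```powershell
# Added example. Remove-AllComputersFromGroup is a hypothetical name.
# Assumes the ActiveDirectory module (RSAT) is installed.
function Remove-AllComputersFromGroup {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)][string]$Group
    )

    Import-Module ActiveDirectory -ErrorAction Stop

    # Resolve the group once; a bad name stops here instead of failing later.
    $groupObject = Get-ADGroup -Identity $Group -ErrorAction Stop

    # Direct members only (no -Recursive): members of nested groups are not
    # members of this group and cannot be removed from it.
    $computers = @(Get-ADGroupMember -Identity $groupObject |
        Where-Object { $_.objectClass -eq 'computer' })

    foreach ($computer in $computers) {
        $result = [pscustomobject]@{
            Group    = $groupObject.Name
            Computer = $computer.SamAccountName
            Removed  = $false
            Error    = $null
        }
        # -WhatIf previews the change; -Confirm prompts once per computer.
        $action = "Remove from group '$($groupObject.Name)'"
        if ($PSCmdlet.ShouldProcess($computer.DistinguishedName, $action)) {
            try {
                Remove-ADGroupMember -Identity $groupObject -Members $computer `
                    -Confirm:$false -ErrorAction Stop
                $result.Removed = $true
            }
            catch {
                # Record the failure instead of hiding it.
                $result.Error = $_.Exception.Message
            }
        }
        $result   # one record per computer, suitable for Export-Csv
    }
}

# Preview first, then run for real (group name is a constructed sample):
# Remove-AllComputersFromGroup -Group 'Sample-Workstations' -WhatIf
# Remove-AllComputersFromGroup -Group 'Sample-Workstations' -Confirm:$false
```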