Question by arasumane (https://community.spiceworks.com/u/arasumane), posted 2020-04-24T15:32:16.000Z at https://community.spiceworks.com/t/script-for-ad-groups/760348/1 (4 upvotes, 4 answers):

I was looking for a script which can perform AD groups which are nested more than 1 level (need to flatten AD groups up to level 1).

Found the below script, which does complete of groups. Following level 2, level 3, level 4, level 5, level 6 should be but level 1 nesting should be as it is.

```powershell
# Specify the DistinguishedName (DN) of the parent group.
# We will remove all members of this group that have class "group".
$GroupDN = "cn=Sales,ou=North,dc=domain,dc=com"

# The Member property is an array of the DistinguishedNames (DN) of all direct members of the group.
# The DN is required by Get-ADObject, which we use to determine the class of each member.
$Members = (Get-ADGroup -Identity $GroupDN -Properties Member).Member

# Create an array of distinguished names of nested groups to remove.
$GroupsToRemove = @()

# Enumerate all direct members of the parent group and determine which are nested groups.
ForEach ($Member In $Members)
{
    # Members can be users, computers, contacts, or nested groups. We only consider groups.
    $Class = (Get-ADObject -Identity $Member).ObjectClass
    If ($Class -eq "group")
    {
        # Add the DN of this nested group to the array of groups to remove.
        $GroupsToRemove = $GroupsToRemove + $Member
    }
}

# Remove any nested groups from the parent group.
If ($GroupsToRemove.Count -gt 0)
{
    Set-ADGroup -Identity $GroupDN -Remove @{Member=$GroupsToRemove}
}
```
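A read-only report of nesting depth under the parent group, as an added example that is not part of the original post. It assumes "flatten up to level 1" means keeping groups that are direct members of the parent and identifying everything nested below them; the function name `Get-NestedGroupReport`, the `MaxDepth` limit and the single-domain scope are assumptions.

```powershell
# Added example: read-only report, makes no changes to AD.
# Requires the ActiveDirectory module (RSAT); assumes all members are in one domain.
Import-Module ActiveDirectory

function Get-NestedGroupReport {
    param(
        [Parameter(Mandatory)] [string] $GroupDN,  # parent group DN, as in the post
        [int] $MaxDepth = 10                       # assumed safety limit on nesting depth
    )
    $visited = @{}                                 # "level-1 group|DN" pairs already expanded
    $queue = New-Object System.Collections.Queue
    $queue.Enqueue([pscustomobject]@{ DN = $GroupDN; Depth = 0; Level1 = $null })

    while ($queue.Count -gt 0) {
        $current = $queue.Dequeue()
        $members = (Get-ADGroup -Identity $current.DN -Properties Member).Member
        foreach ($member in $members) {
            $class = (Get-ADObject -Identity $member).ObjectClass
            $depth = $current.Depth + 1
            # One row per membership edge; Level1Group is the direct nested group above it.
            [pscustomobject]@{
                Depth       = $depth
                ObjectClass = $class
                Member      = $member
                MemberOf    = $current.DN
                Level1Group = $current.Level1
            }
            # A group found at depth 1 becomes the Level1 anchor for everything below it.
            $anchor = if ($depth -eq 1) { $member } else { $current.Level1 }
            $key = "$anchor|$member"
            # Expand each group once per level-1 branch, which also stops circular nesting.
            if ($class -eq 'group' -and -not $visited.ContainsKey($key) -and $depth -lt $MaxDepth) {
                $visited[$key] = $true
                $queue.Enqueue([pscustomobject]@{ DN = $member; Depth = $depth; Level1 = $anchor })
            }
        }
    }
}

$report = Get-NestedGroupReport -GroupDN 'cn=Sales,ou=North,dc=domain,dc=com'

# Groups nested deeper than level 1 (level 2, 3, ...).
$report | Where-Object { $_.ObjectClass -eq 'group' -and $_.Depth -ge 2 }

# Non-group members that sit under a level-1 group through those deeper groups.
$report | Where-Object { $_.ObjectClass -ne 'group' -and $_.Depth -ge 3 } |
    Select-Object Level1Group, Member -Unique
```

Reviewing the second list against each `Level1Group` before changing any membership shows which accounts currently get access only through deeper nesting.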
Answer:

If you post code, please use the ‘Insert Code’ button. Please and thank you!