刪除禁用用戶的組成員

Question

我正在嘗試編寫腳本來查找屬於AD中特定OU中的一個或多個組的成員的禁用用戶。然後它將刪除所有禁用用戶的所有組。但我想要生成一個用戶列表，但名稱列表除外。假設我不想爲某些特定的殘疾用戶刪除組。

$SearchBase = "OU=Disabled Users,DC=contoso,DC=com" 
$Users = Get-ADUser -filter * -SearchBase $SearchBase -Properties MemberOf 
$ExcludeUsers =@("SM_82786dfdc96642ed9","SM_516a93b689334db1a") 
$Users = $Users | where-Object { $ExcludeUsers -notcontains $_.samaccountname } 
ForEach($User in $Users){ 
$User.MemberOf | Remove-ADGroupMember -Member $User -Confirm:$false 
} 

錯誤：

Remove-ADGroupMember : Cannot validate argument on parameter 'Identity'. The argument is null. Provide a valid value for the argument, and then try running the command again. 
At line:3 char:22 
+  $User.MemberOf | Remove-ADGroupMember -Member $User -Confirm:$false 
+      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
    + CategoryInfo   : InvalidData: (:) [Remove-ADGroupMember], ParameterBindingValidationException 
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.RemoveADGroupMember 

Answer 1

好像你發現沒有任何組的用戶（域用戶不是memberof一部分）。使用類似Where-Object的東西來過濾掉空對象。例如：

$User.MemberOf | Where-Object { $_ } | Remove-ADGroupMember -Member $User -Confirm:$false