Powershell - Get-ADOrganizationalUnit Groups

Question

I'm starting to get my head around powershell. But then again maybe not! Can someone please tell me how to list all security groups within a OU?

I am able to list all the members within a group, for example:

get-adgroupmember "groupName" | select-object name

In the following, I am trying to list all security groups within an OU:

Import-Module ActiveDirectory
Get-ADOrganizationalUnit -Identity 'ou=OUName'

ERROR: Cannot find object with identity: ......

I would like to remove all members from all security groups in a particular OU. Then I would like to add group members from a text file.

Answer 1

From Get-ADOrganizationalUnit

Here is how you're supposed to use -Identity (from the examples at the bottom of the above document):

Get-ADOrganizationalUnit -Identity 'OU=AsiaPacific,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM'

So I suspect your 'ou=OUName' needs the relevant DC=domain,DC=com information on the end.

To remove users I'd go about doing it this way:

Get-ADGroup -SearchBase "OU=AsiaPacific,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM" -filter {GroupCategory -eq "Security"} | Get-ADGroupMember | Remove-ADGroupMember -WhatIf

Replace -WhatIf with -Confirm:$false if you're happy this does what you need.

Answer 2

If you want to retrieve all the groups in a particular OU. I'd use:

get-adobject -Filter 'ObjectClass -eq "group"' -SearchBase <<Path to OU>>

Passing the returned objects to Get-ADGroupMember will give you the current membership. Then use remove-adgroupmember to strip out the existing members and add-adgroupmemeber to add the names from the txt file.