@Venkatesh M
Thank you for reaching out to us. As I understand, you are looking to remove on-premise disabled users from Azure AD groups (if my understanding is incorrect, please let me know).
You can refer to this article: https://arconnetblog.wordpress.com/2018/12/07/clean-azure-ad-groups-for-disabled-users/ (a similar requirement to yours: cleaning up on-premise disabled users from an Azure AD group).
Note: Please test the script in a test environment before implementing it in production.
Let me know if you have any further questions.
I am running the script stage by stage; the first section went through and I have the disabled users in a CSV.
In the second stage, to fetch which groups the users are members of, do I need to use the import CSV path?
As this is missing here:
    $disabled_OnlineMembership = foreach ($user in $disabledUsers) {
        if ($user.UserPrincipalName) {
            # Resolve the Azure AD object ID of the disabled on-premise user
            $userObjectId = Get-Msoluser -UserPrincipalName $user.UserPrincipalName | Select-Object -ExpandProperty ObjectId
            # Keep only cloud-only groups (groups that are not synced from on-premise)
            $group = Get-AzureADUserMembership -ObjectId $userObjectId | Select-Object * | Where-Object {-not ($_.DirSyncEnabled)}
            if ($group) {
                # One record per user; the group fields hold every matching group
                [pscustomobject]@{
                    UserName       = $user.SamAccountName
                    DisplayName    = $user.Name
                    Enabled        = $user.Enabled
                    UserDN         = $user.DistinguishedName
                    AADUserObjecID = $userObjectId
                    GroupName      = $group.DisplayName
                    GroupMail      = $group.Mail
                    AADGroupID     = $group.ObjectID
                }
            }
        }
    }
@Venkatesh M
Remove-AzureADGroupMember : Cannot bind argument to parameter 'MemberId' because it is null. This error is caused by the typo in the script.
In the second script (of this blog https://arconnetblog.wordpress.com/2018/12/07/clean-azure-ad-groups-for-disabled-users/) there is a typo here: AADUserObjecID = $userObjectId. It should be AADUserObjectID = $userObjectId; due to this we see the error mentioned above.
Looks like you deleted the comment; I wanted to check whether the entire script solved your purpose of deleting the disabled users from the Azure AD group.
Let me know if you have any questions.
Finally I was able to fix some errors in this script and execute it.
In "create custom object with all the information we require", one needs to add:
    $disabledUsers=Import-Csv -Path C:\Temp\disabled_users.csv
In "Remove users from group", another is a syntax fix:
    Remove-AzureADGroupMember -ObjectId $group -MemberId $onlineUser.AADUserObjecID
Thanks for the support and help.
@Venkatesh M
Thanks for the update; I will be moving this conversation to the answer section.
Please remember to "Accept Answer" if the answer helped, so that others in the community facing similar issues can easily find the solution.
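
A guard for the removal step discussed in this thread, as an added example that is not part of the thread or of the linked blog script: it rejects a record whose ID property is missing or misspelled before anything reaches -MemberId, and supports -WhatIf for a dry run. The function name Remove-DisabledUserFromGroups and the sample records are hypothetical and constructed; the records are assumed to have the shape of the custom object above, with the property spelled AADUserObjectID.

```powershell
# Added example. Only Remove-AzureADGroupMember and its -ObjectId/-MemberId parameters
# come from the thread; every other name here is hypothetical.
Set-StrictMode -Version Latest   # a misspelled property reference now throws instead of evaluating to $null

function Remove-DisabledUserFromGroups {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Record
    )
    process {
        # Reject a record that lacks an expected property (for example the AADUserObjecID typo).
        $names = $Record.PSObject.Properties | ForEach-Object Name
        foreach ($required in 'AADUserObjectID', 'AADGroupID') {
            if ($required -notin $names) {
                Write-Error "Record '$($Record.UserName)' has no '$required' property (found: $($names -join ', '))"
                return
            }
        }
        if ([string]::IsNullOrWhiteSpace($Record.AADUserObjectID)) {
            Write-Error "Record '$($Record.UserName)' has an empty AADUserObjectID"
            return
        }
        # A user can be in several cloud-only groups, so AADGroupID may hold an array.
        foreach ($groupId in @($Record.AADGroupID)) {
            if ($PSCmdlet.ShouldProcess("group $groupId", "remove member $($Record.AADUserObjectID)")) {
                Remove-AzureADGroupMember -ObjectId $groupId -MemberId $Record.AADUserObjectID
            }
        }
    }
}

# Constructed sample records: the first is well-formed, the second carries the typo.
$records = @(
    [pscustomobject]@{ UserName = 'jdoe';   AADUserObjectID = '11111111-1111-1111-1111-111111111111'
                       AADGroupID = @('aaaaaaaa-0000-0000-0000-000000000001', 'aaaaaaaa-0000-0000-0000-000000000002') }
    [pscustomobject]@{ UserName = 'asmith'; AADUserObjecID  = '22222222-2222-2222-2222-222222222222'
                       AADGroupID = @('aaaaaaaa-0000-0000-0000-000000000001') }
)

# -WhatIf lists the planned removals without calling Azure AD; drop it only after review.
$records | Remove-DisabledUserFromGroups -WhatIf
```

With the sample records, the first produces two "What if" lines and the second produces an error naming the missing property, so a null member ID never reaches Remove-AzureADGroupMember.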