Public/Remove-ADUserFromGroup.ps1
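<#
.SYNOPSIS
    Removes users from a specified Active Directory group.

.DESCRIPTION
    This function removes users from a specified AD group. It accepts input as a single
    username, a text file, or a CSV file containing multiple usernames.

    The group and each user are looked up by name on the discovered server. A lookup that
    matches no group, or more than one group or user, is refused rather than guessed at,
    because the wrong match would change the wrong membership.

.PARAMETER UserInput
    Specifies the username, or a file path containing usernames. The file can be a plain
    text file with one username per line, or a CSV file. The CSV is read through its
    'Username' column.

.PARAMETER Group
    Specifies the name of the AD group from which users will be removed.

.PARAMETER UserInputType
    Specifies the type of input: 'Single' for individual usernames, 'TextFile' for a text
    file, or 'CSV' for a CSV file. Default is 'Single'.

.EXAMPLE
    Remove-ADUserFromGroup -UserInput "jdoe" -Group "Domain Users"

    Removes the user 'jdoe' from the 'Domain Users' group.

.EXAMPLE
    Remove-ADUserFromGroup -UserInput "C:\Users\userlist.txt" -Group "Domain Users" -UserInputType "TextFile"

    Removes all users listed in 'userlist.txt' from the 'Domain Users' group.

.EXAMPLE
    Remove-ADUserFromGroup -UserInput "C:\Users\usernames.csv" -Group "Domain Users" -UserInputType "CSV"

    Removes all users listed in 'usernames.csv' from the 'Domain Users' group.

.EXAMPLE
    Remove-ADUserFromGroup -UserInput "C:\Users\userlist.txt" -Group "Domain Users" -UserInputType "TextFile" -WhatIf

    Shows which removals would be made without changing the group.

.NOTES
    Requires Active Directory PowerShell module and appropriate permissions to modify
    group memberships.
#>
Function Remove-ADUserFromGroup {
    # SupportsShouldProcess adds -WhatIf / -Confirm so a bulk removal can be dry-run first.
    # With the default ConfirmImpact the function still does not prompt unless asked to.
    [CmdletBinding(SupportsShouldProcess = $true)]
    Param(
        [Parameter(Mandatory = $true)]
        [string]$UserInput,

        [Parameter(Mandatory = $true)]
        [string]$Group,

        [Parameter(Mandatory = $false)]
        [ValidateSet("Single", "TextFile", "CSV")]
        [string]$UserInputType = "Single"
    )

    Begin {
        # Discover a domain controller in the local site, falling back to the next closest site.
        # NOTE(review): 6 is passed as a numeric -Service value and the result is then addressed
        # on port 3268; confirm that 6 selects the service this lookup is meant to find.
        $LocalSite = (Get-ADDomainController -Discover).Site
        $NewTargetGC = Get-ADDomainController -Discover -Service 6 -SiteName $LocalSite
        If (!$NewTargetGC) {
            $NewTargetGC = Get-ADDomainController -Discover -Service 6 -NextClosestSite
        }
        $LocalGC = "$($NewTargetGC.HostName):3268"

        # The filter is single-quoted on purpose: the AD module resolves $Group itself, so the
        # name is treated as a value and a quote inside it cannot change the filter expression.
        $matchedGroups = @(Get-ADGroup -Filter 'Name -eq $Group' -Properties CanonicalName, DistinguishedName -Server $LocalGC)

        # Fail closed: without exactly one group there is no safe target to modify.
        if ($matchedGroups.Count -eq 0) {
            throw "Group '$Group' was not found; no memberships were changed."
        }
        if ($matchedGroups.Count -gt 1) {
            throw "Group name '$Group' matched $($matchedGroups.Count) groups; refusing to guess which one to modify."
        }

        $GroupObj = $matchedGroups[0]
        $GroupDN = $GroupObj.DistinguishedName
        # The first component of the canonical name is used as the server for the write.
        $GroupDomain = $GroupObj.CanonicalName.Split("/")[0]
    }

    Process {
        $usernames = switch ($UserInputType) {
            "Single"   { @($UserInput) }
            "TextFile" { Get-Content -Path $UserInput }
            "CSV"      { Import-Csv -Path $UserInput | ForEach-Object { $_.Username } }
        }

        foreach ($entry in $usernames) {
            # Blank lines and rows without a Username value would otherwise produce an empty filter.
            $username = "$entry".Trim()
            if (-not $username) {
                continue
            }

            # Same single-quoted filter form as the group lookup: names read from a file are
            # bound as values instead of being spliced into the filter text.
            $matchedUsers = @(Get-ADUser -Filter 'sAMAccountName -eq $username' -Properties MemberOf -Server $LocalGC)

            if ($matchedUsers.Count -gt 1) {
                # More than one account with this name was returned; removing all of them
                # could touch an account the operator did not mean.
                Write-Warning "User '$username' matched $($matchedUsers.Count) accounts. Skipping..."
                continue
            }
            $UserObj = $matchedUsers | Select-Object -First 1

            # NOTE(review): MemberOf is read from the discovered server on port 3268; confirm it
            # is complete for the scope of the groups this function is used against.
            if ($UserObj -and ($UserObj.MemberOf -contains $GroupDN)) {
                if ($PSCmdlet.ShouldProcess($UserObj.DistinguishedName, "Remove from group '$GroupDN'")) {
                    try {
                        # -ErrorAction Stop makes a denied or failed write land in the catch block
                        # instead of being followed by a success message.
                        Set-ADGroup -Remove @{Member = $UserObj.DistinguishedName} -Identity $GroupDN -Server $GroupDomain -Confirm:$false -ErrorAction Stop

                        # Timestamp is taken per removal so long runs log the actual time of each change.
                        $dateTime = Get-Date -Format "\[dd/MM/yy HH:mm:ss\]"
                        Write-Output "$dateTime : User '$username' removed successfully from '$Group'."
                    }
                    catch {
                        Write-Error "Failed to remove user '$username' from '$Group': $($_.Exception.Message)"
                    }
                }
            }
            elseif ($UserObj) {
                Write-Output "User '$username' is not a member of the group '$Group'."
            }
            else {
                Write-Output "User '$username' not found in AD. Skipping..."
            }
        }
    }

    End {
        #Write-Output "Completed membership checks and updates for the group '$Group'."
    }
}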