My Profile Photo

duffney.io


DevOps Engineer | Pluralsight Author | Speaker | Blogger | PowerShell Advocate


Move all Members of an ActiveDirectory Group to being just Members with PowerShell

Applies to: Windows PowerShell 3.0+

Recently my team and I discovered an Active Directory group that was causing token bloat within our environment. The reason was due to someone place 246 objects in the members of section of the AD group, when they should have been in the members section. Active Directory Administration tool makes removing them from the member of easy, but add them to the members section first not so easy. To solve this problem I wrote a little function that takes all the “member of” groups puts it into a variable and loops through adding then to the member section. It then, removes the group or object from the member of section. I wrote it as an advanced function \ cmdlet called Move-ADGroupMembersofToMember.

To use this function, either copy the code and paste into your ISE session or save it as a .ps1 file and load the script into your PowerShell session. This function only has one parameter called TargetGroup. This is the group that you want to move all the members of to members and remove them from the members of section. Below demonstrates how to use this function.

moveadgroupmemberof

Acknowledgements

Spiceworks Community post credit to cduff for helping out