Saturday, October 24, 2015

Powershell Add or Remove members from Remote Group Module

To show this demo I am using 2 computers, one is Windows 2012 R2 (192.168.33.11) and another is windows 7 (192.168.33.16), From Windows 2012 R2 I will be executing all the commands remotely on 192.168.33.16. Both the commands use ADSI API to do the Addition or removal task., To know more example use Get-Help CMDLET -full to know more information. 



Why I wrote this article or script?
Earlier I written article on how to add users to group using Group Policy, It is not easy if you want to add users or group certain computers, you can do that through creating OU. But again inventory thing is not possible using it.

Remove-GroupMember
In earlier article I showed how to get information remotely using Get-GroupMembers cmdlet. I showed some cool csv file containing the data.
Lets say now we have data, Next what you want to Remove them Remotely. This Remove-GroupMember cmdlet is handy. To show the demo I will be removing vcloud\Devil user from "Remote Desktop Users" Group.
Simply in the powershell run below command. (To check how loaded module check my previous article Get-GroupMembers ).

Get-GroupMembers -ComputerName 192.168.33.16 -RemoteGroups "Remote Desktop Users"

vKunal is the user in vCloud Domain. (vcloud\vkunal)
Remove-GroupMember -ComputerName 192.168.33.16 -RemoteGroup "Remote Desktop Users" -Domain vcloud -User vkunal

(Tip: You can run Get-Help Remove-GroupMember,  To know on additian help.)

It detect if machine is not reachable, and will not go checking the server, even if some parameters are incorrect it will show message. you can verify Group members using Get-GroupMembers again.



https://drive.google.com/folderview?id=0B9eArMQqZh_wYkY0cGliTkZ3MVE&usp=sharing

Add-GroupMember
As Remove-GroupMember is handy command to Remove member remotely, Add-GroupMember has its own magic. Many times we get request to add users or groups to multiple server's group. Earlier I removed vcloud\vkunal from remote Desktop users, Now I will be using vCloud\Devil user and Group vCloud\DemoGroup.

Here is the Demo.

Add-GroupMember -ComputerName 192.168.33.16 -RemoteGroup "Remote Desktop Users" -Domain vCloud -User Devil

Add-GroupMember -ComputerName 192.168.33.16 -RemoteGroup "Remote Desktop Users" -Domain vCloud -User DemoGroup



It may be possible that both 192.168.33.11 and 192.168.33.16 may not be in same domain, at that time you can use -Credential (Get-Crendential) parameter, These parameters can be used in all the cmdlet Add-GroupMember, Remove-GroupMember or Get-GroupMembers.

Next is verification using Get-GroupMembers. 2 Members are listed.
https://drive.google.com/folderview?id=0B9eArMQqZh_wYkY0cGliTkZ3MVE&usp=sharing
Other usefull Scripts
Get members from Remote Groups
List account configured on logon of Windows Service - Powershell

1 comment:

John said...

Can this be used with a file containing multiple IP Addresses and Usernames?

ex Computername User
192.168.1.10 john.doe
192.168.2.11 jane.doe
192.168.3.12 freddy.kruger