Morning everyone,
I've been tasked to make a script to remove all group membership from users in a "terminated employees" OU and I need to be able to show what users had what groups remove for auditing purposes.
I've got 2 that "Work" but show different info.
First:
Get-QADUser -SearchRoot 'OU=Canned Employees,DC=Whatever,DC=com' | Remove-QADMemberOf -RemoveAll
Ends up outputting the groups that have been removed but doesn't show the users that they were removed from.
Second:
Foreach ($user in (Get-QADUser -SearchRoot 'OU=Canned Employees,DC=Whatever,DC=com' )){
(Get-QADUser $user).memberof | Get-QADGroup | where {$_.name -ne "domain users"} | Remove-QADGroupMember -member $user -WhatIf
}This one outputs the Users that are having there groups removed, but wont list the groups that were removed.(Does show multiple lines for the same user if there are multiple groups removed though)
Anyone know how I can have all the info displayed?
thank you in advance.