1
00:00:00,450 --> 00:00:04,200
Listing members of a security group in Active Directory.

2
00:00:04,200 --> 00:00:13,740
So far we've done the addition of Active Directory objects such as users, computers and groups to security

3
00:00:13,740 --> 00:00:14,360
groups.

4
00:00:14,370 --> 00:00:21,840
But if we want to check it, if we want to list all the users whom we've actually added to this

5
00:00:21,840 --> 00:00:26,990
group, how do we find out the current members of a given security group?

6
00:00:27,000 --> 00:00:35,280
Of course we have a cmdlet for it, and it's called Get-ADGroupMember. As the name indicates,

7
00:00:35,370 --> 00:00:38,570
it queries the members of a given group.

8
00:00:38,640 --> 00:00:45,950
For example, let's see the membership of one of the groups that we've used in the previous lesson by using

9
00:00:45,960 --> 00:00:54,200
the following command: Get-ADGroupMember -Identity parent group 1, and we pipe it to the

10
00:00:54,200 --> 00:00:54,780
Measure-Object

11
00:00:54,770 --> 00:00:59,860
cmdlet to see how many members we have got in this group.

12
00:00:59,910 --> 00:01:04,320
We could also use the Get-ADGroup cmdlet with Identity.

13
00:01:04,350 --> 00:01:08,100
Name the group we want to get members of.

14
00:01:08,310 --> 00:01:13,890
In my case it's parent group 1, and pipe it to select by Name property.

15
00:01:14,160 --> 00:01:20,180
So we'll be selecting all the objects of this group, sorting them by name.

16
00:01:20,220 --> 00:01:21,840
Selecting them by name.

17
00:01:21,930 --> 00:01:24,950
Some more words about the Measure-Object

18
00:01:24,960 --> 00:01:25,940
cmdlet.

19
00:01:26,070 --> 00:01:32,910
It shows how many objects are returned from the Get-ADGroupMember cmdlet when queried for the

20
00:01:32,910 --> 00:01:34,530
members of parent group

21
00:01:34,540 --> 00:01:39,170
1. You could use this cmdlet for any object.

22
00:01:39,180 --> 00:01:46,770
Remember that this is the same group where we added several child groups in the previous lesson while

23
00:01:46,770 --> 00:01:50,970
demonstrating the nested group addition operation.

24
00:01:50,970 --> 00:01:58,590
The second command shows the actual members for resolve understand, and I just select the Name property

25
00:01:58,860 --> 00:02:02,490
from the output using the Select parameter.

26
00:02:02,490 --> 00:02:06,530
As mentioned before, groups can have users, computers and

27
00:02:06,540 --> 00:02:12,000
other groups as members, but how do we know the object type of each member?

28
00:02:12,030 --> 00:02:20,370
This can be achieved by reading the objectClass property of the returned objects from the

29
00:02:20,370 --> 00:02:21,930
Get-ADGroupMember cmdlet.

30
00:02:21,960 --> 00:02:30,120
So let's run the following command: Get-ADGroup -Identity test group, and pipe it to select by name and

31
00:02:30,210 --> 00:02:37,820
object class. As you can see, the test... as you can see, in the following group, which is named test group,

32
00:02:37,820 --> 00:02:44,460
we have got lots of members: groups and computers and users.

33
00:02:44,460 --> 00:02:52,290
Since we've used the Recursive switch while querying, it checks for group objects in the membership, queries

34
00:02:52,320 --> 00:03:00,270
their members and displays the results. Even if the nested group has other groups in its membership,

35
00:03:00,270 --> 00:03:06,750
the members of that group will also be displayed when group membership is queried recursively. Group

36
00:03:06,750 --> 00:03:15,820
membership of a security group can be easily exported to a CSV or Excel file using the Export-Csv

37
00:03:15,840 --> 00:03:17,470
cmdlet in PowerShell.

38
00:03:17,670 --> 00:03:24,600
All we need to do is just pass the output of Get-ADGroupMember to this cmdlet.

39
00:03:24,780 --> 00:03:33,720
As shown in the following example, we run Get-ADGroupMember with the Identity parameter and

40
00:03:33,720 --> 00:03:42,460
we get the members of test group, then we pipe it to select and select by name,

41
00:03:42,510 --> 00:03:50,760
distinguished name, object class, and after that we pipe it to the Export-Csv cmdlet, which will

42
00:03:50,880 --> 00:03:59,390
save the file in the following location. In my case it's on drive C, PS folder, and group membership

43
00:03:59,400 --> 00:03:59,940
dot

44
00:03:59,950 --> 00:04:09,510
CSV file. In this code example, name, distinguished name and the object class of test group members

45
00:04:09,810 --> 00:04:19,200
are exported to a CSV file, and after export the content of the CSV file looks like the example

46
00:04:19,290 --> 00:04:20,610
I'll show you.

47
00:04:20,610 --> 00:04:27,080
So let me open this file from the C PS folder, and here it is.

48
00:04:27,090 --> 00:04:34,070
Now let's talk about removing a member from an Active Directory group. As part of daily activities,

49
00:04:34,080 --> 00:04:42,450
a system administrator may need to remove members from security groups for users who have left the organization

50
00:04:42,450 --> 00:04:50,340
and moved to a different department and no longer require access to a particular network resource or

51
00:04:50,340 --> 00:04:51,630
shared drive.

52
00:04:51,630 --> 00:04:58,320
These changes generally involve removing user accounts from a given security group.

53
00:04:58,320 --> 00:05:02,820
We have got a cmdlet for that, and it is called

54
00:05:02,910 --> 00:05:10,560
Remove-ADGroupMember. Similar to the Get-ADGroupMember cmdlet, the Remove-ADGroupMember cmdlet

55
00:05:10,890 --> 00:05:19,740
also has two mandatory parameters: Identity and Members. The Identity parameter takes the name of the

56
00:05:19,740 --> 00:05:28,200
group from which you want to remove the members, and the Members parameter takes the list of users, computers

57
00:05:28,530 --> 00:05:34,860
or group accounts that you want to remove. The following sample command is used to remove a user

58
00:05:34,860 --> 00:05:37,130
account from a security group.

59
00:05:37,260 --> 00:05:45,040
So let's remove lap user 1 from test group. For this we should run the following command:

60
00:05:45,060 --> 00:05:51,200
Remove-ADGroupMember -Identity test group -Members lap user 1.

61
00:05:51,360 --> 00:05:59,460
As you can see in the following output, the Remove-ADGroupMember cmdlet prompts for confirmation

62
00:05:59,460 --> 00:06:02,970
while removing an object from membership.

63
00:06:02,970 --> 00:06:11,160
This is just a safety measure to make the system administrator verify his actions and proceed with it.

64
00:06:11,160 --> 00:06:18,090
If you are sure about the action you are performing, or you don't want to resolve this confirmation prompt,

65
00:06:18,450 --> 00:06:26,670
just pass the dollar character false to the Confirm parameter, as shown in the following command.

66
00:06:26,910 --> 00:06:28,770
So let's run the following command.

67
00:06:28,800 --> 00:06:38,220
Now with the Confirm parameter: Remove-ADGroupMember -Identity test group -Members lap user 1 -Confirm

68
00:06:38,460 --> 00:06:39,460
false.

69
00:06:39,480 --> 00:06:46,440
Now it shouldn't ask you for confirmation to remove or not the user.

70
00:06:46,440 --> 00:06:52,380
And this won't prompt for any confirmation and will just proceed with the operation.

71
00:06:52,590 --> 00:06:59,610
So in this example we removed a user object from the security group. To remove a computer account

72
00:06:59,610 --> 00:07:01,270
from the security group,

73
00:07:01,290 --> 00:07:08,720
you can follow a similar approach and pass the name of the computer account to the Members parameter.

74
00:07:08,760 --> 00:07:16,440
You should remember to suffix the computer name with the dollar, or assign a dollar character, just as

75
00:07:16,440 --> 00:07:20,770
we did for the Add-ADGroupMember cmdlet.

76
00:07:20,820 --> 00:07:23,750
Otherwise your removal will fail.

77
00:07:23,880 --> 00:07:32,070
So the following command is to remove the computer comp 1 or some other computer, or lap server 2,

78
00:07:32,370 --> 00:07:33,860
whatever name you need,

79
00:07:33,870 --> 00:07:36,810
computer account from the security group.

80
00:07:36,870 --> 00:07:45,040
Let's review this command. We'll use Remove-ADGroupMember -Identity test group -Members comp

81
00:07:45,060 --> 00:07:54,810
1 or lap server 2 or 3, and the Confirm parameter, which ensures that we won't be asked for confirmation

82
00:07:54,810 --> 00:07:55,920
of removal.

83
00:07:55,920 --> 00:08:01,050
So removing a single user or computer account from a security group is easy.

84
00:08:01,350 --> 00:08:04,800
But how do we perform this operation in bulk?

85
00:08:04,800 --> 00:08:12,900
Let's take a small example where you have a list of user or computer names in the CSV file along

86
00:08:12,900 --> 00:08:16,800
with the group names from which they should be removed.

87
00:08:16,800 --> 00:08:24,130
Now our task is to read the details from the CSV file and remove the members accordingly.

88
00:08:24,170 --> 00:08:31,090
Assume a sample CSV file looks like the following file, which I've got here.

89
00:08:31,230 --> 00:08:32,550
Let me open it.

90
00:08:32,580 --> 00:08:35,060
It's called group removals

91
00:08:35,070 --> 00:08:36,330
dot CSV.

92
00:08:36,450 --> 00:08:44,100
So it's got object name, which is the name of the user or computer or group that you want to remove. The

93
00:08:44,220 --> 00:08:49,160
object type represents what type of object you want to remove.

94
00:08:49,290 --> 00:08:56,670
And the third column holds the group name from which you want to remove the object. And we've got the

95
00:08:56,670 --> 00:09:06,460
code example to remove all these objects. First we'll import the CSV file, as we've done before, with the

96
00:09:06,750 --> 00:09:10,990
Import dot... sorry, dash CSV

97
00:09:11,100 --> 00:09:20,360
cmdlet, and we'll be importing the file from the C PS folder, and the file name is group removals dot

98
00:09:20,370 --> 00:09:21,070
CSV.

99
00:09:21,400 --> 00:09:28,980
Then we'll loop through each entry in the CSV file with the foreach command. So for each entry we'll

100
00:09:28,980 --> 00:09:39,900
be reading the group name, and if the object is a computer, we have to add this $ character to its name.

101
00:09:39,900 --> 00:09:49,950
So you could save this code to a PS1 file, to the file with the extension dot PS1, and run it

102
00:09:49,950 --> 00:09:51,280
from PowerShell.

103
00:09:51,330 --> 00:09:59,310
Or you could run it in our scripting environment by selecting the whole code and pressing the Run button.

104
00:09:59,750 --> 00:10:05,030
Some words about deleting a security group. When a group is no longer required,

105
00:10:05,030 --> 00:10:11,420
it needs to be removed or deleted from Active Directory in order to keep the database clean and up

106
00:10:11,420 --> 00:10:17,360
to date. Before performing the delete operation, make sure it has no members inside.

107
00:10:17,600 --> 00:10:22,470
If there are members in this group, then the user will face problems.

108
00:10:22,550 --> 00:10:29,900
Once the group is deleted, it is difficult to revert the change unless you have efficient restoration

109
00:10:29,900 --> 00:10:32,750
mechanisms in your environment.

110
00:10:32,750 --> 00:10:37,800
Also, performing such restore operations is not straightforward.

111
00:10:37,850 --> 00:10:45,710
It can be done only by people who understand it, so it is important to ensure that there are no members

112
00:10:46,040 --> 00:10:47,960
in the group before deletion.

113
00:10:47,990 --> 00:10:55,160
A security group in Active Directory can be deleted using the Remove-ADGroup cmdlet. Similar

114
00:10:55,160 --> 00:11:03,310
to removing group membership, deleting the group also prompts for confirmation, and it can also be suppressed

115
00:11:03,320 --> 00:11:11,150
by using the same logic that we applied while deleting with the Remove-ADGroupMember cmdlet.

116
00:11:11,150 --> 00:11:19,430
So let's run the following command: Remove-ADGroup -Identity test group 1, and the Confirm parameter

117
00:11:19,700 --> 00:11:20,660
false.

118
00:11:20,660 --> 00:11:28,700
Groups that need to be deleted can be searched using the Get-ADGroup cmdlet, and the output

119
00:11:28,730 --> 00:11:36,120
can be passed to the Remove-ADGroup cmdlet for deletion, as shown in this example.

120
00:11:36,140 --> 00:11:39,720
So we are getting the group first and then we delete it.

121
00:11:39,950 --> 00:11:43,830
So let's run the following command: Get-ADGroup -Filter

122
00:11:43,940 --> 00:11:51,980
name like test group. So we are looking for the names which contain test group in it, all the groups which

123
00:11:51,980 --> 00:11:59,990
contain test group in it, and pass it to the pipe, after which we are running the next command, which

124
00:11:59,990 --> 00:12:03,850
is Remove-ADGroup without confirmation.

125
00:12:03,860 --> 00:12:14,360
So as you can guess, Get-ADGroup can return a few groups when we search for groups beginning with the following

126
00:12:14,720 --> 00:12:24,440
name, test group, and all those groups are passed to Remove-ADGroup via a pipeline, with the Confirm option

127
00:12:24,440 --> 00:12:25,730
set to false.

128
00:12:25,730 --> 00:12:31,460
This will delete all the security groups that have names starting with test group.