MIM 2016: Perform AD Functions in FIM/MIM Workflow without importing the AD PS Module – Part IV

See PART I for details or history

For RemoveADUserFromGroups, use:

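Function RemoveADUserFromGroups
{
    <#
    .SYNOPSIS
    Removes the single AD user matched by an LDAP filter from every group listed in its memberOf attribute.

    .DESCRIPTION
    Uses System.DirectoryServices / ADSI directly, so the ActiveDirectory PowerShell module is not required.
    The filter must match exactly one object; otherwise an error is thrown and no group is modified.

    .PARAMETER FilterString
    Complete LDAP filter, for example "(samaccountname=jdoe)". It is handed to the searcher verbatim, so it
    must be built from trusted values (or have special characters escaped); an unescaped value could widen
    the match and the function then refuses to act because more than one object is returned.

    .PARAMETER NewOU
    Not used by this function. Kept so existing workflow activities that pass it keep working.

    .OUTPUTS
    None. Throws if the filter does not match exactly one object.
    #>
    PARAM($FilterString,$NewOU)
    END
    {
        # Example filter: "(samaccountname=$myAccountName)"
        $objDomain = $null
        $objSearcher = $null
        $existingObject = $null
        $user = $null
        Try
        {
            $objDomain = New-Object System.DirectoryServices.DirectoryEntry
            $objSearcher = New-Object System.DirectoryServices.DirectorySearcher
            $objSearcher.SearchRoot = $objDomain
            $objSearcher.PageSize = 1000
            $objSearcher.Filter = $FilterString
            $objSearcher.SearchScope = "Subtree"
            $existingObject = $objSearcher.FindAll()
            If ($existingObject.Count -ne 1)
            {
                throw ("Error getting the user in AD, User not found or more than one: " + $FilterString)
            }

            # FindAll() returns a SearchResultCollection; GetDirectoryEntry() is a method of the single
            # SearchResult inside it, so index into the collection rather than calling it on the collection.
            $user = $existingObject[0].GetDirectoryEntry()
            [String]$userdn = $user.distinguishedName

            foreach ($group in $user.memberOf)
            {
                # NOTE(review): $group is a DN used as an ADsPath; a DN containing "/" would need escaping
                # here — confirm whether such group names exist in the forest.
                $objGroup = $null
                Try
                {
                    $objGroup = [ADSI]"LDAP://$group"
                    # Drop this one DN from the group's member attribute and write the change back.
                    $objGroup.Properties["member"].Remove($userdn)
                    $objGroup.CommitChanges()
                }
                Finally
                {
                    if ($objGroup -ne $null)
                    {
                        $objGroup.Close()
                        $objGroup.Dispose()
                    }
                }
            }
        }
        Finally
        {
            # Dispose every DirectoryServices object; the SearchResultCollection in particular holds
            # unmanaged handles that are only released by Dispose().
            if ($user -ne $null)
            {
                $user.Dispose()
            }
            if ($existingObject -ne $null)
            {
                $existingObject.Dispose()
            }
            if ($objSearcher -ne $null)
            {
                $objSearcher.Dispose()
            }
            if ($objDomain -ne $null)
            {
                $objDomain.Dispose()
            }
        }
    }
}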