我有这个脚本可以将所有组所有者作为Azure AD上的成员,现在我想删除他们。你们能帮忙吗?感谢
$groups=Get-AzureADGroup -All $true
$resultsarray =@()
ForEach ($group in $groups){
$members = Get-AzureADGroupMember -ObjectId $group.ObjectId -All $true
ForEach ($member in $members){
$UserObject = new-object PSObject
$UserObject | add-member -membertype NoteProperty -name "Group Name" -Value $group.DisplayName
$UserObject | add-member -membertype NoteProperty -name "Member Name" -Value $member.DisplayName
$UserObject | add-member -membertype NoteProperty -name "ObjType" -Value $member.ObjectType
$UserObject | add-member -membertype NoteProperty -name "UserType" -Value $member.UserType
$UserObject | add-member -membertype NoteProperty -name "UserPrinicpalName" -Value $member.UserPrincipalName
$resultsarray += $UserObject
}
}
$resultsarray | Export-Csv -Encoding UTF8 -Delimiter ";" -Path "C:scriptsoutput.csv" -NoTypeInformation首先,您的脚本是获取所有组成员,而不是组所有者。
但根据您的描述,您希望删除所有组所有者。
我想你错别字了,你的要求是删除群所有者。
您应该使用Get-AzureADGroupOwner来获取所有者。然后使用Remove-AzureADGroupOwner删除它们。
由于The group must have at least one owner,您无法删除所有所有者。所以你需要有一个主人。
示例(我假设您的所有组都有所有者testUpn@tenant.com。请根据您的实际情况修改此脚本(:
$groups = Get-AzureADGroup -All $true
$keptOwner = Get-AzureADUser -ObjectId "testUpn@tenant.com"
foreach ($group in $groups){
$owners = Get-AzureADGroupOwner -ObjectId $group.ObjectId -All $true
foreach ($owner in $owners){
if ($keptOwner.ObjectId -ne $owner.ObjectId){
Remove-AzureADGroupOwner -ObjectId $group.ObjectId -OwnerId $owner.ObjectId
}
}
}
如果要删除所有组成员,则没有限制。
示例:
$groups = Get-AzureADGroup -All $true
foreach ($group in $groups){
$members = Get-AzureADGroupMember -ObjectId $group.ObjectId -All $true
foreach ($member in $members ){
Remove-AzureADGroupMember -ObjectId $group.ObjectId -MemberId $member.ObjectId
}
}