Add or Remove a single forest user to a group in all child domains

1
2
3
4
5
6
7
8
9
$user = Get-ADUser 'myusername' -Server 'forestdomain.com'
#==============================================================
$domains = Get-ADForest -Server 'rootdomain.com'
ForEach ($domain in $domains.Domains) {    
    $Group = Get-ADGroup -Identity 'Account Operators' -Server $domain
    # Uncomment the command below needed to add or remove
    #Add-ADGroupMember -Identity $Group -Member $user -Server $domain
    #Remove-ADGroupMember -Identity $Group -Member $user -Server $domain
}

Leave a Reply

Your email address will not be published. Required fields are marked *