Question : How do I remove users from all our group in AD

I currently have a file where I run a DSQUERY on users within a specific OU Which I then PIPE into a DSMOD USER so that i can change the Description on the Accounts.

When this is done I then end up with a DSMOVE to move the Account into another OU. This all works fine but I know want to also remove the USERS from all the groups they maybe a part of.

The current text I'm using to do all the above barring the removing from groups is as follows:

dsquery user "OU=Disabled Accounts,OU=Data Has Been Archived,OU=base,OU=Staff,OU=Accounts - Archive,DC=Home,DC=co,DC=uk" | dsmod user -desc "Archived %Date%"
For /F "delims=" %%u IN ('dsquery user -desc Archived "OU=Disabled Accounts,OU=Data Has Been Archived,OU=Base,OU=Staff,OU=Accounts - Archive,DC=Home,DC=co,DC=uk"') DO dsmove %%u -newparent "OU=Data Has Been Archived,OU=Base,OU=Staff,OU=Accounts - Archive,DC=Home,DC=co,DC=uk"

Many thanks for anyones help

Answer : How do I remove users from all our group in AD

This will list members of OU, for each member it will list groups, then it will remove member from each group. User will remain member of his primary group (Domain Users)

For /F "delims=" %%w IN ('dsquery user -desc Archived "OU=Data Has Been Archived,OU=Base,OU=Staff,OU=Accounts - Archive,DC=Home,DC=co,DC=uk"') DO (
      For /F "delims=*" %%g IN ('dsget user %%w -memberof -expand') DO (
            dsmod group %%g -rmmbr %%w
      )
)

Random Solutions

Windows Server 2008 Server as DC with DNS service; DNS server does not start.

HP Procurve Manager

Home network printer share...

LDAP returned the error [32] Insufficient Rights when importing the transaction Event ID 8270

2003 SBS blocking incoming SMTP from firewall 0x800CCC0E

SIP/H323 GW or H323 operator

Lookup Email Addresses from large text file list and verify if exists in AD

Error 623 from Dialup connections & networking.

Unauthorized Logins

Slow VPN Performance