This post details some of the user account basics, such as removing a user from a group, and deleting a user account from the local computer.
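# Removes a user from a local group and then deletes that user account from
# the local computer, using the ADSI WinNT provider.
#
# Each step reports success only when the ADSI call actually succeeded.
# The original listing set $ErrorActionPreference to "SilentlyContinue" and
# printed "Removed"/"Deleted" unconditionally, so a failed removal from the
# Administrators group looked the same as a successful one.

# Computer name
$ComputerName = $env:COMPUTERNAME
# User to remove
$User = "JDoe"
# Group name to remove user from
$GroupName = "Administrators"
# ---------------

$ADObject = [ADSI]("WinNT://$ComputerName,computer")

# Make errors catchable for the duration of the script, and put the caller's
# preference back afterwards instead of leaving the session changed.
$PreviousErrorActionPreference = $ErrorActionPreference
$ErrorActionPreference = "Stop"

# Not used by anything visible in this listing; kept from the original.
[System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms") | Out-Null

try {
    # List the names of the local groups on this computer.
    # (This prints group names, not the members of $GroupName.)
    try {
        Get-WmiObject Win32_Group -Filter "LocalAccount=True" | ForEach-Object { $_.Name }
    }
    catch {
        Write-Warning "Could not list local groups: $($_.Exception.Message)"
    }
    Write-Host ""

    # Remove from admin group
    try {
        # Ask for the "group" schema class so a user with the same name cannot match.
        $Group = $ADObject.PSBase.Children.Find($GroupName, "group")
        # NOTE(review): for a local account the fully qualified form
        # "WinNT://$ComputerName/$User" is unambiguous - confirm which one is intended.
        $Group.Remove("WinNT://$User")
        Write-Host "Removed $User from $GroupName"
    }
    catch {
        Write-Warning "Could not remove $User from ${GroupName}: $($_.Exception.Message)"
    }
    Write-Host ""

    # Delete account from computer (still attempted if the group step failed,
    # as in the original flow)
    try {
        $ADObject.Delete('User', $User)
        Write-Host "Deleted $User from $ComputerName"
    }
    catch {
        Write-Warning "Could not delete $User from ${ComputerName}: $($_.Exception.Message)"
    }
    Write-Host ""
}
finally {
    $ErrorActionPreference = $PreviousErrorActionPreference

    # Clear the working variables, as the original script does.
    $ComputerName = ""
    $User = ""
    $ADObject = ""
    $Group = ""
    $GroupName = ""
}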
Notes
ADS_USER_FLAG_ENUM enumeration
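# Reference snippets for local and domain account maintenance.
# They are fragments, not one runnable script: $Group, $newUser, $Username and
# $Disabled are expected to be set by the surrounding code, which is not shown here.

#list users in domain admins group
Get-ADGroupMember -identity "domain admins" | Get-ADUser -Property DisplayName | Select Name

#list all user account properties
Get-ADUser username -Properties * | Select *

#remove a list of users (one account name per line in the file)
ForEach ($User in (Get-Content "C:\_PowerShell\users.txt")) {
    $Group.Remove("WinNT://$User")
}

#multiple computers
$ComputerNames = "PC1","PC2","PC3","PC4"

#Disable Account
# -BOR sets the flag bit and leaves every other bit alone.
# NOTE(review): $Disabled is presumably ADS_UF_ACCOUNTDISABLE (0x0002) from
# ADS_USER_FLAG_ENUM - it is not defined in this listing, confirm before use.
$newuser.userflags.value = $newuser.UserFlags.value -BOR $Disabled
$newUser.SetInfo()

#Enable Account
# Clear the flag bit with -BAND/-BNOT. The original used -BXOR, which toggles
# the bit: run against an account that is already enabled, it disables it.
$newuser.userflags.value = $newuser.UserFlags.value -BAND (-BNOT $Disabled)
$newUser.SetInfo()

#Force Change
$newUser.PasswordExpired = 1
$newUser.SetInfo()

#Delete a local account by name
$Computername = $env:COMPUTERNAME
$ADSIComp = [adsi]"WinNT://$Computername"
$ADSIComp.Delete('User','UserToDelete')

#Create password
$Password = Read-Host -Prompt "Enter password for $Username" -AsSecureString
$BSTR = [system.runtime.interopservices.marshal]::SecureStringToBSTR($Password)
try {
    #Set password on account
    # SetPassword is handed a plain string here, so the secret is in clear
    # text in memory from this point on; keep that window as short as possible.
    $_password = [system.runtime.interopservices.marshal]::PtrToStringAuto($BSTR)
    $NewUser.SetPassword(($_password))
    $NewUser.SetInfo()
}
finally {
    #Cleanup
    # Runs even when SetPassword/SetInfo throws, so the unmanaged copy is
    # always zeroed and freed.
    # Remove-Variable only drops the names: the managed plain-text string
    # stays in process memory until it is garbage collected.
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR)
    Remove-Variable Password,BSTR,_password -ErrorAction SilentlyContinue
}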