powershell刪除其他子域的aduser組成員芯片

Question

腳本應刪除其所有Groupmemberchips（包括forestdomain和其他子域中的成員身份）的ADUser，將其停用並將其移入另一個OU。

環境：

forest-domain: forest.com 
child-domains: child1.forest.com 
       child2.forest.com 
       child3.forest.com 

腳本在運行child1.forest.com

這是腳本至今：

$username="testuser" 
$groups=Get-ADPrincipalGroupMembership -Identity $username | where {$_.name -notlike "Domain Users"} 

$getuser=Get-ADUser -Identity $username | select DistinguishedName 
$userpath=$getuser.DistinguishedName 

foreach ($group in $groups) { 
    Remove-ADGroupMember -Identity $group -member $username -Confirm:$false 
} 

Disable-ADAccount -Identity $username 
Move-ADObject "$userpath" -TargetPath "OU=Deaktivierte Benutzer,DC=child1,DC=forest,DC=com" 

實際上它全成會刪除child1的所有組memberchips .forest.com但不是forest.com或child2.forest.com

This c Ode正在正常工作：

$User=Get-ADUser "testuser" -server "child1.forest.com" 
$Group=Get-ADGroup "SomeGroup" -server "forest.com" 
Remove-ADGroupMember $Group -Members $user -server "forest.com" -Confirm:$false 

我試圖合併這些腳本片段，但尚未成功。 我有一個想法...讀取OU的域，並將其傳遞到循環，但我沒有得到它的工作，以我可以使用它的方式讀取OU。

有人可以幫忙嗎？

Answer 1

找到了解決辦法，我查詢，如果該組中的服務器存在：

$found=0 
$servers=@("forest.com","child1.forest.com","child2.forest.com","child3.forest.com") 
$username="testuser" 
$user=Get-ADUser -Identity $username 
$groups=Get-ADPrincipalGroupMembership -Identity $user | where {$_.name -notlike "Domain Users"} 

foreach ($group in $groups) { 

    foreach ($server in $servers) {   
     $groupname=$group.name 
     $groupserver=Get-ADGroup $groupname -server $server 

     if($groupserver) 
     { 
      $group=Get-ADGroup $groupname -server $server 
      Remove-ADGroupMember $Group -Members $user -Confirm:$false -ErrorAction SilentlyContinue 
      $found=1 
     } 
     if ($found -eq 1){break} 
    } 

}