Skip to content

Adding and removing computers from groups

Add a computer account to a group

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$admNS = New-Object("Softerra.Adaxes.Adsi.AdmNamespace")
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to the group
$groupDN = "CN=My Group,CN=Users,DC=domain,DC=com"
$group = $admService.OpenObject("Adaxes://$groupDN", $NULL, $NULL, 0)

# Add computer to group
$computerDN ="CN=MYCOMPUTER,CN=Computers,DC=domain,DC=com"
$group.Add("Adaxes://$computerDN")
Import-Module Adaxes

$identityGroup = "MyGroup" # sAMAccountName
# $identityGroup = "CN=My Group,CN=Users,DC=domain,DC=com"  # DN
# $identityGroup = "{EB5FEB21-E648-42AD-B86C-89D3C6807953}" # GUID
# $identityGroup = "S-1-5-21-573937-2149998-410785" # SID

$identityComputer = "MYCOMPUTER$" # sAMAccountName
# $identityComputer = "CN=MYCOMPUTER,CN=Computers,DC=domain,DC=com"  # DN
# $identityComputer = "{D4BD8631-FD29-4E34-A77B-3505B7D66BA5}" # GUID
# $identityComputer = "S-1-5-21-252558962-2120680786-1829143083-580051" # SID

Add-AdmGroupMember -Identity $identityGroup -Members $identityComputer `
    -Server "domain.com" -AdaxesService localhost

Remove a computer account from a group

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$admNS = New-Object("Softerra.Adaxes.Adsi.AdmNamespace")
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to the group
$groupDN = "CN=My Group,CN=Users,DC=domain,DC=com"
$group = $admService.OpenObject("Adaxes://$groupDN", $NULL, $NULL, 0)

# Remove computer from group
$computerDN ="CN=MYCOMPUTER,CN=Computers,DC=domain,DC=com"
$group.Remove("Adaxes://$computerDN")
Import-Module Adaxes

$identityGroup = "MyGroup" # sAMAccountName
# $identityGroup = "CN=My Group,CN=Users,DC=domain,DC=com"  # DN
# $identityGroup = "{EB5FEB21-E648-42AD-B86C-89D3C6807953}" # GUID
# $identityGroup = "S-1-5-21-573937-2149998-410785" # SID

$identityComputer = "MYCOMPUTER$" # sAMAccountName
# $identityComputer = "CN=MYCOMPUTER,CN=Computers,DC=domain,DC=com"  # DN
# $identityComputer = "{D4BD8631-FD29-4E34-A77B-3505B7D66BA5}" # GUID
# $identityComputer = "S-1-5-21-252558962-2120680786-1829143083-580051" # SID

Remove-AdmGroupMember -Identity $identityGroup -Members $identityComputer `
    -Server "domain.com" -AdaxesService localhost -Confirm:$False

See also