Skip to content

Adding and removing group members

Add a member to a group

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$admNS = New-Object("Softerra.Adaxes.Adsi.AdmNamespace")
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to the group
$groupDN = "CN=SalesGroup,CN=Users,DC=domain,DC=com"
$group = $admService.OpenObject("Adaxes://$groupDN", $NULL, $NULL, 0)

# Add member
$userPath = "Adaxes://CN=John Smith,CN=Users,DC=domain,DC=com"
$group.Add($userPath)
Import-Module Adaxes

$identityGroup = "SalesGroup" # sAMAccountName
# $identityGroup = "CN=SalesGroup,CN=Users,DC=domain,DC=com"  # DN
# $identityGroup = "{EB5FEB21-E648-42AD-B86C-89D3C6807953}" # GUID
# $identityGroup = "S-1-5-21-573937-2149998-410785" # SID

$identityUser = "jsmith" # sAMAccountName
# $identityUser = "CN=John Smith,CN=Users,DC=domain,DC=com"  # DN
# $identityUser = "{47058766-489A-449E-A7E4-7B84B05768FC}" # GUID
# $identityUser = "S-1-5-21-252558962-2120680786-1829143083-574510" # SID


Add-AdmGroupMember -Identity $identityGroup -Members $identityUser `
    -Server "domain.com" -AdaxesService localhost

Remove a member from a group

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Connect to the Adaxes service
$admNS = New-Object("Softerra.Adaxes.Adsi.AdmNamespace")
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to the group
$groupDN = "CN=SalesGroup,CN=Users,DC=domain,DC=com"
$group = $admService.OpenObject("Adaxes://$groupDN", $NULL, $NULL, 0)

# Remove member
$userPath = "Adaxes://CN=John Smith,CN=Users,DC=domain,DC=com"
$group.Remove($userPath)
Import-Module Adaxes

$identityGroup = "SalesGroup" # sAMAccountName
# $identityGroup = "CN=SalesGroup,CN=Users,DC=domain,DC=com"  # DN
# $identityGroup = "{EB5FEB21-E648-42AD-B86C-89D3C6807953}" # GUID
# $identityGroup = "S-1-5-21-573937-2149998-410785" # SID

$identityUser = "jsmith" # sAMAccountName
# $identityUser = "CN=John Smith,CN=Users,DC=domain,DC=com"  # DN
# $identityUser = "{47058766-489A-449E-A7E4-7B84B05768FC}" # GUID
# $identityUser = "S-1-5-21-252558962-2120680786-1829143083-574510" # SID

Remove-AdmGroupMember -Identity $identityGroup -Members $identityUser `
    -Server "domain.com" -AdaxesService localhost -Confirm:$False

See also