Very useful tip found on the internet : how to update a computer group membership without a reboot ? Problem If, like me, you use Group Policies and apply them on computer account using security groups, you notice these GPOs
Find and remove lingering object in a forest
Playing with ACL on the Active Directory objects
Update ACL on a Microsoft DNS Active Directory record
Get Distribution list members recursively including contact objects
Group policy Admin Templates browser
Remove group membership from multiple domain
The Powershell cmdlet Remove-ADGroupMember have a problem to remove group membership in this case : user account from Domain1.domain.local group from Domain2.domain.local If you run the command : Remove-ADGroupMember -Identity “CN=GroupName,OU=Groups,DC=Domain2,DC=domain,DC=local” -Members “CN=UserName,OU=Users,DC=Domain1,DC=domain,DC=local” -confirm:$false -server “dc01.Domain1.domain.local” You will have the
Remove all group memberships from a user
This script can remove all group memberships from an Active Directory user, except the “Domain Users” group import-module activedirectory $DistinguishedName = “cn=youruseraccount,ou=users,dc=domain,dc=local” (Get-ADUser $DistinguishedName -Properties MemberOf | Select-Object MemberOf).MemberOf | % { Remove-ADGroupMember -Identity $_ -Members $DistinguishedName -confirm:$false } My
Set a random password to an Active Directory user
This script use the function GET-Temppassword to set a random password to a user account. You can customize this function with your own criteria import-module activedirectory Function GET-Temppassword() { $chars_min = [Char[]]”abcdefghijklmnopqrstuvwxyz” $chars_maj = [Char[]]”ABCDEFGHIJKLMNOPQRSTUVWXYZ” $chars_num = [Char[]]”0123456789″ $x_min =