PowerShell : Remove user from local Administrator group using PowerShell

Remove user account from local Administrators group :

The following powershell commands remove the given AD user account from local Admins group.

$user = "DomainName/user1";
$group = "Administrators";
$groupObj =[ADSI]"WinNT://./$group,group" 
$userObj = [ADSI]"WinNT://$user,user"
$groupObj.Remove($userObj.Path)

If you want to remove non-domain local user account, you need to just pass the username as shown below:

$user = "ComputerName/user1";

Remove multiple users from local Administrators group :

Use the below PowerShell script to remove set of Active Directory user accounts from local Admins group. First create the text file users.txt which includes one user name in each line.

$group = "Administrators";
$groupObj =[ADSI]"WinNT://./$group,group" 
ForEach ($user in (Get-Content "C:\users.txt"))
{
   $userObj = [ADSI]"WinNT://$user,user"
   $groupObj.Remove($userObj.Path)
}

Remove user from local Admins group on Remote computer :

We need to provide the remote computer name to remove local Administrators group member on a remote computer.

$computer = "GEN8";
$domainUser = "DomainName/user1";
$groupObj =[ADSI]"WinNT://$computer/Administrators,group" 
$userObj = [ADSI]"WinNT://$domainUser,user"
$groupObj.Remove($userObj.Path)

Leave a Reply

Your email address will not be published. Required fields are marked *