Powershell | Using Modify AD Groups with Alternate Credentials
Quick one. Had an issue where I needed to remove a user from a AD group in another domain. To my surprise it was harder then I had thought. At first I settled on using set-QADGroupMember (the Quest Powershell CMDLET) as it takes -connectionusername and -connectionpassword. However it was dog slow. I think that was due to being over a WAN link and it was querying all members (which took about 2-3 mins).
I needed something swifter. I went directly to the .NET controls and reduced the time to about 15 second.
$GroupDN = “LDAP://CN=GroupName,OU=Distribution Lists,DC=domain,DC=local”
$Group = New-Object -TypeName System.DirectoryServices.DirectoryEntry -ArgumentList $GroupDN,”username”,”Password”
$Group.Properties[“member”].Add(“DN of the User you wish to add”)
$Group.Properties[“member”].Remove(“DN of the User you wish removed”)