Remove User From AzureAD Group Script

Just a quick post to share a simple PowerShell script that allows administrators to remove a user from an AzureAD group.

The script prompts for the UPN of the user you want to manage and produces a numbered menu of all their group memberships.

Simply enter the number shown in the square brackets [] when prompted by the script. You are asked to confirm before the user is removed.

    # Sign in to Azure AD (requires the AzureAD module)
    Connect-AzureAD
    $user = Read-Host "Please enter the UPN of the user you want to remove"
    $azureUser = Get-AzureADUser -ObjectId $user
    # -All $true returns every membership instead of only the first page of results.
    # Keep groups only, because the cmdlet can also return directory roles.
    $groupMembership = Get-AzureADUserMembership -ObjectId $azureUser.ObjectId -All $true |
        Where-Object { $_.ObjectType -eq 'Group' }
    $x = 1
    $groupArray = @()
    # Build a numbered menu of the user's groups
    ForEach ($grp in $groupMembership) {
        Write-Host "[$($x)] - $($grp.DisplayName)"
        $groupArray += New-Object -TypeName psobject -Property @{Id = $x; GroupId = $grp.ObjectId; GroupName = $grp.DisplayName}
        $x++
    }
    $removeFromGroup = Read-Host "Please enter the ID of the Group you want to remove the user from"
    $GroupId = $groupArray | Where-Object { $_.Id -eq $removeFromGroup }
    if (-not $GroupId) {
        # Stop here if the number entered does not match a menu entry
        Write-Host "No group matches that ID, no changes have been made" -ForegroundColor Red
    } else {
        Write-Host "Removing $($user) From Group $($GroupId.GroupName)" -ForegroundColor Yellow
        $confirm = Read-Host "Are you sure you want to proceed (y/n)?"
        if ($confirm -ieq "y") {
            Remove-AzureADGroupMember -ObjectId $GroupId.GroupId -MemberId $azureUser.ObjectId
            Write-Host "User $($user) has been removed from the group" -ForegroundColor Green
        } else {
            Write-Host "Process Cancelled, no changes have been made" -ForegroundColor Red
        }
    }
    Disconnect-AzureAD
