Remove-LocalGroupMember in PowerShell is used to remove users from a local group. This command removes users or groups from a local group.
Here is the PowerShell command to remove users from a local group.
Remove-LocalGroupMember -Group "<group name>" -Member "<user/groups>" [-SID] <SecurityIdentifier>
Removing users from a group is very common when users leave an organization or move to another business group.
In this article, we will discuss how to get members of a local group, remove users from a local group, and remove all users from a group on the remote machine with PowerShell.
Remove-LocalGroupMember
Remove-LocalGroupMember removes users or groups from the local group.
Syntax
Remove-LocalGroupMember
[-Group] <LocalGroup>
[-Name] <String>
[-SID] <SecurityIdentifier>
[-Member] <LocalPrincipal[]>
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Parameters
Group – Specifies the group from which cmdlet removes the members.
Member – Specifies an array of users or groups. Remove-LocalGroupMember cmdlet takes it as input to remove members from the specified security group.
Name – Specifies the name of the group from which the members will be removed.
SID – Specifies the security identifier of the group from which the members will be removed.
Cool Tip: How to check active directory group membership using PowerShell!
Remove User from Local Group
To remove users from a local group, check what are the users in the local administrators group.
To get members of the local administrator’s group, use Get-LocalGroupMember in PowerShell.
Get-LocalGroupMember -Group 'Administrators'
The above Get-LocalGroupMember uses Group to get users from the Administrators group.
It displays ObjectClass, Name, and PrincipalSource members for each user associated with the group.
Use the Remove-LocalGroupMember command that removes a user from the local group.
Remove-LocalGroupMember -Group 'Administrators' -Members 'CORP-EU-101\Administrator'
The above PowerShell script Remove-LocalGroupMember removes users from the group associated with the group name ‘Administrators‘.
Cool Tip: How to get a list of users in the AD group using PowerShell!
Remove all users from the group
You can remove all users from the local group using the Remove-LocalGroupMember cmdlet in PowerShell.
Get-LocalGroupMember -Group 'Administrators' | Where {$_.objectclass -like 'User'} | Remove-LocalGroupMember Administrators
The Get-LocalGroupMember command gets all the group members associated with the Administrators group.
It uses the Where condition to check object class like ‘User’ and pass the output to the Remove-LocalGroupMember command.
Remove-LocalGroupMember in PowerShell removes all users from a local group.
Cool Tip: How to get a domain name using PowerShell!
Remove User from Group on Remote Computer
You can use the Invoke-command to invoke the script to remove users from a group on a remote computer.
$remote-comp = 'Corp-EU-101'
Invoke-Command -ComputerName $remote-comp -ScriptBlock {
Get-LocalGroupMember -Group 'Administrators' | Where {$_.objectclass -like 'User'} | Remove-LocalGroupMember Administrators
In the above PowerShell script to remove users from the group on a remote computer, invoke-command invoke script block to run on the computer specified by ComputerName.
Cool Tip: Using Active Directory UserAccountControl flags in PowerShell!
Using Get-LocalGroupMember gets all administrators groups on the remote computer and passes the output to the second command.
Where condition checks for objectclass like ‘User’ and passes the output to the third command.
Remove-LocalGroupMember cmdlet in PowerShell removes all users from the Administrators group on the remote machine.
Cool Tip: How to remove aduser in PowerShell!
Conclusion
It’s best practice for PowerShell administrators to check regularly for user rights in their network and remove them when they leave an organization or group.
Using Get-LocalGroupMember in PowerShell returns all local group members.
Using Remove-LocalGroupMember in PowerShell removes users or groups from a local group.
Cool Tip: PowerShell echo equivalent command in Windows!
You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.