I am attempting to write a script that:
- Searches our AD for Groups that begin with "AW_"
- Searches for DISABLED users within "AW_" groups
- Removes all disabled users from groups that begin with "AW_"
So far I've got step 1 down:
$AWGroups = Get-ADGroup -Filter {name -like "AW_*"} -Properties Description
Code for step 2 doesn't seem to return all disabled users. It appears to return only one of the disabled users in any of the $AWGroups
foreach ($group in $AWGroups)
{
$DisabledUsers += Get-ADGroupMember -identity $group | get-aduser | Where {$_.Enabled -eq $False}
}
Any suggestions for how to accurately gather all disabled user accounts from $AWGroups into $DisabledUsers?
Thanks