Remove-​Local​Group​Member

Removes members from a local group.

Syntax

Remove-LocalGroupMember
      [-Group] <LocalGroup>
      [-Member] <LocalPrincipal[]>
      [-Confirm]
      [-WhatIf]
      [<CommonParameters>]
Remove-LocalGroupMember
      [-Name] <String>
      [-Member] <LocalPrincipal[]>
      [-Confirm]
      [-WhatIf]
      [<CommonParameters>]
Remove-LocalGroupMember
      [-SID] <SecurityIdentifier>
      [-Member] <LocalPrincipal[]>
      [-Confirm]
      [-WhatIf]
      [<CommonParameters>]

Description

The Remove-LocalGroupMember cmdlet removes users or groups from a local group.

Examples

Example 1: Remove members from the Administrators group

PS C:\> Remove-LocalGroupMember -Group "Administrators" -Member "Admin02", "MicrosoftAccount\username@Outlook.com", "AzureAD\DavidChew@contoso.com", "CONTOSO\Domain Admins"

This command removes several members from the local Administrators group. The members that this cmdlet removes include a local user account, a Microsoft account, an Azure Active Directory account, and a domain group. This example uses a placeholder value for the user name of an account at Outlook.com.

Required Parameters

-Group

Specifies the security group from which this cmdlet removes members.

Type:LocalGroup
Position:0
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Member

Specifies an array of users or groups that this cmdlet removes from a security group. You can specify users or groups by name, security ID (SID), or LocalPrincipal objects. Specify SID strings in S-R-I-S-S . . . format.

Type:LocalPrincipal[]
Position:1
Default value:None
Accept pipeline input:True (ByPropertyName, ByValue)
Accept wildcard characters:False
-Name

Specifies the name of the security group from which this cmdlet removes members.

Type:String
Position:0
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-SID

Specifies the security ID of the security group from which this cmdlet removes members.

Type:SecurityIdentifier
Position:0
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Optional Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

System.Management.Automation.SecurityAccountsManager.LocalPrincipal, System.String, System.Security.Principal.SecurityIdentifier

You can pipe a local principal, a string, or a SID to this cmdlet.

Outputs

None

This cmdlet does not generate any output.

Notes

  • The PrincipalSource property is a property on LocalUser, LocalGroup, and LocalPrincipal objects that describes the source of the object. The possible sources are as follows:

  • Local

  • Active Directory
  • Azure Active Directory group
  • Microsoft Account

PrincipalSource is supported only by Windows 10, Windows Server 2016, and later versions of the Windows operating system. For earlier versions, the property is blank.