Remove user from local Administrator group using PowerShell

In this post I am going to share PowerShell script to remove local user account or AD domain users from local Administrators group.

Remove user account from local Administrators group

The following powershell commands remove the given AD user account from local Admins group.

$user = "DomainName/Morgan";
$group = "Administrators";
$groupObj =[ADSI]"WinNT://./$group,group" 
$userObj = [ADSI]"WinNT://$user,user"
$groupObj.Remove($userObj.Path)

If you want to remove non-domain local user account, you need to just pass the username as shown below:

$user = "ComputerName/Morgan";

Remove multiple users from local Administrators group

Use the below PowerShell script to remove set of Active Directory user accounts from local Admins group. First create the text file users.txt which includes one user name in each line.

$group = "Administrators";
$groupObj =[ADSI]"WinNT://./$group,group" 
ForEach ($user in (Get-Content "C:\users.txt"))
{
   $userObj = [ADSI]"WinNT://$user,user"
   $groupObj.Remove($userObj.Path)
}

Remove user from local Admins group on Remote computer

We need to provide the remote computer name to remove local Administrators group member on a remote computer.

$computer = "hp-pc";
$domainUser = "DomainName/Morgan";
$groupObj =[ADSI]"WinNT://$computer/Administrators,group" 
$userObj = [ADSI]"WinNT://$domainUser,user"
$groupObj.Remove($userObj.Path)
Advertisement

3 thoughts on “Remove user from local Administrator group using PowerShell”

Leave a Comment