Public/Remove-UserGroupMember.ps1
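function Remove-UserGroupMember {
    <#
    .SYNOPSIS
        Removes one or more members (users or groups) from a local security group.
    .DESCRIPTION
        The Remove-UserGroupMember cmdlet removes one or more members (users or groups) from a local security group.

        The target group is the one identified by whichever of -Group, -Name or -SID selected the
        parameter set. Each removal goes through ShouldProcess, so -WhatIf and -Confirm apply per member.
        A failure on one member is written as a non-terminating error and the remaining members are
        still processed.
    .PARAMETER Group
        The security group from the local Security Accounts Manager, passed as a UserGroup object.
    .PARAMETER Name
        The name of the security group from the local Security Accounts Manager.
    .PARAMETER SID
        The security group from the local Security Accounts Manager by SecurityIdentifier.
    .PARAMETER Member
        One or more users or groups to remove from this local group.
    .EXAMPLE
        Remove-UserGroupMember -Name "Administrators" -Member "John"

        Removes the user John from the Administrators group.
    #>
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true, Position = 0, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, ParameterSetName = 'Group')]
        [UserGroup]$Group,

        [Parameter(Mandatory = $true, Position = 0, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, ParameterSetName = 'Default')]
        [string]$Name,

        [Parameter(Mandatory = $true, Position = 0, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, ParameterSetName = 'SecurityIdentifier')]
        [System.Security.Principal.SecurityIdentifier]$SID,

        [Parameter(Mandatory = $true, Position = 1, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)]
        [ValidateNotNullOrEmpty()]
        [LocalPrincipalMember[]]$Member
    )

    process {
        # Resolve the target group from the parameter set that was actually bound.
        # Two PowerShell behaviours make a "$null -ne $Param" chain unreliable here:
        #   * variable names are case-insensitive, so a local called $group IS the -Group
        #     parameter, and resetting it to $null discards the caller's value;
        #   * an unbound [string] parameter holds an empty string, not $null, so a null
        #     test on $Name succeeds even when -Group or -SID was supplied.
        # Changing group membership is an access-control change, so the group acted on
        # must be exactly the one the caller identified.
        $targetGroup = $null
        if ($PSCmdlet.ParameterSetName -eq 'Group') {
            $targetGroup = $Group
        }
        elseif ($PSCmdlet.ParameterSetName -eq 'SecurityIdentifier') {
            $targetGroup = [UserGroup]::new()
            $targetGroup.SID = $SID
        }
        elseif ($PSCmdlet.ParameterSetName -eq 'Default') {
            $targetGroup = [UserGroup]::new($Name)
        }

        # Nothing to act on if no group could be resolved.
        if ($null -eq $targetGroup) {
            return
        }

        foreach ($m in $Member) {
            # Skip null entries in the member array rather than failing the whole call.
            if ($null -eq $m) {
                continue
            }

            # One ShouldProcess prompt per member keeps -WhatIf/-Confirm output specific.
            if ($PSCmdlet.ShouldProcess($targetGroup.ToString(), "Remove member $($m.Name)")) {
                try {
                    [LocalAccountHelper]::RemoveUserGroupMember($targetGroup, $m)
                }
                catch [System.UnauthorizedAccessException] {
                    # Reported as a non-terminating PermissionDenied error for this member.
                    $ex = [AccessDeniedException]::new($m)
                    Write-Error -Message $ex.Message -ErrorId 'AccessDenied' -Category PermissionDenied -TargetObject $m
                }
                catch [PrincipalNotFoundException] {
                    # The member is not present in the group (or could not be resolved).
                    $ex = [MemberNotFoundException]::new($m.Name, $targetGroup.Name)
                    Write-Error -Message $ex.Message -ErrorId 'MemberNotFound' -Category ObjectNotFound -TargetObject $m
                }
                catch {
                    # Any other failure: surface the underlying message and continue with the next member.
                    Write-Error -Message $_.Exception.Message -ErrorId 'InvalidUserGroupMemberOperation' -Category InvalidOperation -TargetObject $m
                }
            }
        }
    }
}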