I need a Powershell script using native or Quest cmdlets to remove ALL groups from a user in AD. Now here's the catch, the user is a member of groups from 3 different trusted domains in a single forest. I can get a script to remove groups from the domain
the user resides in but it fails on removing the groups from the other domains. Any suggestions? I see this is can be an issue when a user is a member of cross-domain groups but have not found a solution yet.
What is not explicitly allowed should be implicitly denied