Remove-ADUserAdmins.ps1

# Name: Remove-ADUserAdmins.ps1
# Author: James Schlackman
# Last Modified: Dec 19 2023

# Clear individual non-local (e.g. AD) users from the local administrators group

# Notes:
#  - Uses CIM to retrieve local group membership as Get-LocalGroupMember does not work without DC connectivity
#  - Must be run in 64-bit PowerShell Host. The LocalAccounts module is not available in 32-bit PowerShell on a 64-bit system.

#Requires -Modules Microsoft.PowerShell.LocalAccounts
#Requires -RunAsAdministrator

$AdminUsers = (Get-CimInstance Win32_GroupUser | Where-Object {$_.PartComponent.CimClass.CimClassName -eq 'Win32_UserAccount' -and $_.GroupComponent.Name -eq 'Administrators' -and $_.PartComponent.Domain -ne $env:COMPUTERNAME}).PartComponent

$AdminUsers | Where-Object {$_} | ForEach-Object {Remove-LocalGroupMember -Group 'Administrators' -Member "$($_.Domain)\$($_.Name)"}