Using DSQUERY, DSGET, and DSMOD (See DSADD for parameters), I have scripted IADGR.bat to remove a user's membership in all distribution groups, and optionally disable their account.

The syntax for using IADGR.bat is:

IADGR SAM_User_Name \[/D\]

where SAM_User_Name is the user's logon name, and /D is an optional parameter that will cause the user account to be set to disabled.

IADGR.bat contains:

@echo off
if \{%1\}
\{\} @echo Syntax: IADGR UserName \[/D\]&goto :EOF
If not \{%2\}
\{\} if /i \{%2\} NEQ \{/D\} @echo Syntax: IADGR UserName \[/D\]&goto :EOF
setlocal
set usr=%1
set IA=%2
for /f "Tokens=*" %%u in ('dsquery user -samid %usr%') do set UDN=%%u
if %ERRORLEVEL% NEQ 0 @echo %usr% NOT found.&endlocal&goto :EOF
for /f "Tokens=*" %%a in ('dsget user %UDN% -memberof') do set DNG=%%a&call :member
if /i "%IA%" NEQ "/D" endlocal&goto :EOF
dsmod user %UDN% -disabled yes
if %ERRORLEVEL% NEQ 0 @echo %usr% NOT disabled.
endlocal
goto :EOF
:member
call :memberof>nul 2>&1
goto :EOF
:memberof
for /f "skip=1 Tokens=*" %%g in ('dsget group %DNG% -secgrp') do set dist=%%g&call :group
goto :EOF
:group
set wrk=%dist:no=%
if /i "%dist%" EQU "%wrk%" goto :EOF
dsmod group %DNG% -rmmbr %UDN%