TimSutton

RetiredUsers v3

Jan 16th, 2014
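  # RetiredUser.ps1
  # Description - script to automate basic retiring of user account.
  #
  # Created: 06/01/14
  # Creator: Tim Sutton
  #
  # v2 - Tim Sutton 08/01/14
  #   - changed group removal method to prevent previous errors.
  #   - changed how description is written to include running username.
  #   - changed password reset to use random password.
  #   - added outputs for clarity.
  #       - added password output.
  #
  # v3 - Tim Sutton 16/01/14
  #   - added copying description to title field.
  #   - added confirmation prompt.
  #   - script echoes full display name for target account.
  #   - added sense of humour
  #
  # Uses the ActiveDirectory cmdlets (Get-ADUser, Set-ADUser, Remove-ADGroupMember,
  # Set-ADAccountPassword, Move-ADObject); the operator needs rights to modify,
  # reset and move the target account.
  #
  # NOTE(review): nothing in this script disables the account. If retiring is
  # meant to block logon, confirm that is handled elsewhere or add
  # Disable-ADAccount before the move.

  # Stop at the first failed AD operation so that the progress messages below
  # are only printed for steps that actually succeeded.
  $ErrorActionPreference = 'Stop'

  # Get the user name and refuse an empty answer.
  $termuser = "$(Read-Host 'Enter user name to retire')".Trim()
  if (-not $termuser) {
      Write-Host "No user name entered - nothing changed." -ForegroundColor Red
      return
  }

  # Resolve the account once. Every later step acts on this object, so the
  # account that gets modified is exactly the one the operator confirmed.
  try {
      $account = Get-ADUser -Identity $termuser -Properties Department, MemberOf
  }
  catch {
      Write-Host "Could not look up '$termuser' - nothing changed." -ForegroundColor Red
      Write-Host $_.Exception.Message
      return
  }

  # Confirm User
  Write-Host `n "Account selected:" $account.Name "of the" $account.Department "group?" `n -ForegroundColor Red
  $title = 'Confirm account retirement'   # caption was previously an undefined variable
  $prompt = 'Should I [A]bort or [C]ontinue?'
  $abort = New-Object System.Management.Automation.Host.ChoiceDescription '&Abort', 'Aborts the operation'
  $continue = New-Object System.Management.Automation.Host.ChoiceDescription '&Continue', 'Continues the operation'
  $options = [System.Management.Automation.Host.ChoiceDescription[]] ($abort, $continue)

  # Default choice is index 0 (Abort), so pressing Enter changes nothing.
  $choice = $host.ui.PromptForChoice($title, $prompt, $options, 0)

  if ($choice -eq 0) { Write-Host "You chose to abort..." }
  if ($choice -eq 1) { Write-Host "You chose to continue." }

  if ($choice -eq 0) {
      Write-Host `n "Abort! Abort! Abort!" `n `n "Script aborted ....... that was close." `n `n
      # return, not break: outside a loop, break would also unwind any loop in a calling script.
      return
  }

  Write-Host `n "... Continuing ..." `n

  # Clear account details (kept on one line: the pasted original was split in
  # the middle of the -Office argument and would not have parsed).
  Set-ADUser -Identity $account -Company $null -Department $null -Description $null -Fax $null -HomePhone $null -MobilePhone $null -Office $null -PostalCode $null -State $null -StreetAddress $null -City $null -OfficePhone $null -Title $null -HomePage $null
  Write-Host "*  Cleared all user account fields for" $account.Name

  # Remove all group memberships bar Domain Users.
  # memberOf does not list the primary group, which is why that one survives.
  $userGroups = @($account.MemberOf)
  if ($userGroups.Count -gt 0) {
      $userGroups | Remove-ADGroupMember -Members $account -Confirm:$false
  }
  Write-Host "* " $account.Name "removed from all distribution and security groups."

  # Set description: date, action and the operator who ran the script.
  $termDate = Get-Date -UFormat "%Y-%m-%d"
  $terminatedby = $env:username
  $termUserDesc = $termDate + " Moved to Retired Accounts OU - " + $terminatedby
  Set-ADUser -Identity $account -Description $termUserDesc -Title $termUserDesc
  Write-Host "*  Description set to: " $termUserDesc
  Write-Host "*  Title set to: " $termUserDesc

  # Set Password
  # Characters are drawn from a cryptographic RNG, with replacement. The
  # previous Get-Random -Count call sampled without replacement (no character
  # could repeat), and Get-Random is not documented as a secure source.
  $length = 15
  $alphabet = [char[]](@(46) + 48..57 + 65..90 + 97..122)   # '.', 0-9, A-Z, a-z
  $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
  $oneByte = New-Object byte[] 1
  # Reject bytes at or above the largest multiple of the alphabet size so the modulo is unbiased.
  $limit = 256 - (256 % $alphabet.Length)
  do {
      $chars = New-Object char[] $length
      $filled = 0
      while ($filled -lt $length) {
          $rng.GetBytes($oneByte)
          if ($oneByte[0] -lt $limit) {
              $chars[$filled] = $alphabet[$oneByte[0] % $alphabet.Length]
              $filled++
          }
      }
      $password = -join $chars
      # Retry until upper, lower and digit are all present, which the usual
      # three-of-four complexity rule needs - confirm against the domain policy.
  } until ($password -cmatch '[A-Z]' -and $password -cmatch '[a-z]' -and $password -cmatch '[0-9]')

  Set-ADAccountPassword -Identity $account -Reset -NewPassword (ConvertTo-SecureString -AsPlainText $password -Force)
  # NOTE(review): this prints the new password in clear text, so it ends up in
  # console scrollback and any session transcript. Confirm anyone needs to know
  # the password of a retired account; if not, drop this line.
  Write-Host "*  Reset password to: " $password

  # Move to retired ou (target path is site-specific).
  Move-ADObject -Identity $account -TargetPath 'ou=retired accounts,ou=uk,dc=domain,dc=local'
  Write-Host "* " $account.Name "moved to Retired Users OU" `n

  Write-Host "Mischief done ...." `n

  Exit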