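# RetiredUser.ps1
# Description - script to automate basic retiring of user account.
#
# Created: 06/01/04
# Creator: Tim Sutton
#
# Steps, in order: clear the account's contact/organisation attributes, remove
# every group membership except the primary group, stamp the description with
# the date and operator initials, reset the password, and move the account to
# the retired-accounts OU.
#
# NOTE(review): nothing in this script disables the account. After it runs the
# account is still enabled and can authenticate with the new password. If
# retired accounts are not meant to log on, add Disable-ADAccount before the
# move - confirm the intended policy first.

# This is where we define the parameters.
# Both are mandatory, so PowerShell prompts for any that are not supplied.
Param (
    [Parameter(Mandatory=$true)]
    [string]$Username,

    [Parameter(Mandatory=$true)]
    [string]$YourInitials
)

# This prompts for the new password for the account.
# -AsSecureString keeps the typed value out of the console and out of a plain string.
$newpassword = Read-Host "Type new password:" -AsSecureString

# Take the date once so year, month and day cannot disagree if the script runs across midnight.
$DateStamp = (Get-Date).ToString("yyyy-MM-dd")

# Resolve the account once and stop if it does not exist, so a mistyped
# username fails here instead of producing one error per step below.
# PrimaryGroup is requested because it is needed to filter the group removal.
$User = Get-ADUser -Identity $Username -Properties PrimaryGroup -ErrorAction Stop

# Clear account details
$User | Set-ADUser -Company $null -Department $null -Description $null -Fax $null `
    -HomePhone $null -MobilePhone $null -Office $null -PostalCode $null -State $null `
    -StreetAddress $null -City $null -OfficePhone $null -Title $null -HomePage $null

# Remove all group memberships bar the primary group (normally Domain Users).
# The primary group cannot be removed this way, so it is filtered out up front;
# any error still raised here is therefore a real failure (for example missing
# rights on a privileged group) and means the account keeps that access.
Get-ADPrincipalGroupMembership -Identity $User |
    Where-Object { $_.DistinguishedName -ne $User.PrimaryGroup } |
    ForEach-Object {
        Remove-ADPrincipalGroupMembership -Identity $User -MemberOf $_ -Confirm:$false
    }

# Set description
$User | Set-ADUser -Description "$DateStamp Moved to retired OU - $YourInitials"

# Set Password
$User | Set-ADAccountPassword -Reset -NewPassword $newpassword

# Move to retired ou (done last, so the steps above run against the original location)
$User | Move-ADObject -TargetPath 'ou=retired accounts,ou=uk,dc=domain,dc=local'

Exit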