Untitled

[cmdletbinding()]
param (
 [switch]$Log,
 [Alias('wi')]
 [switch]$WhatIf
)
Clear-Host; $error.clear()

try { Stop-Transcript } catch { Write-Verbose 'No Transcript Started' }
Write-Host $MyInvocation.MyCommand.Name -ForegroundColor Green

# ==== Begin logging =====
$LogPath = '.\logs\' + $(if ($WhatIf) { 'TEST-' }) + $MyInvocation.MyCommand.Name + $(get-date -f -20y.M.d-hhmmss) + ".log"
if ($Log) { Start-Transcript $LogPath }

Connect-MsolService -Credential (Get-Credential -Message 'An account with the proper rights')

'Getting staff AD objects with mail attribute'
$staffADObjs = Get-ADUser -Filter {(mail -like "*@*.org") -and (employeeid -like "*")} -Properties lastlogondate,employeeid,mail,title

$A3types = 'Manager','IT Staff','Office Assistant','Jobs that need more licensing power'

foreach ($adObj in $staffADObjs){
 if ($WhatIf) { '=======================================================================' }
 Write-Debug ( '{0} LastLogon {1} - Process?' -f $adObj.samaccountname, $adObj.LastLogonDate )

 if ($A3Types -contains $adObj.title) {
  $A3 = $true
  $targetLicense = 'YourOrgName:M365EDU_A3_FACULTY'
 }
 else { $targetLicense = 'YourOrgName:STANDARDWOFFPACK_FACULTY' }

 $msolUser = Get-MsolUser -UserPrincipalName $adObj.UserPrincipalName -ErrorAction SilentlyContinue

 if (!$msolUser) {
  ('{0}, MSOL No such user.' -f $adObj.UserPrincipalName)
  continue
 }

 if ($adObj.DistinguishedName -like "*Resignation-Termination-Retired,OU=Disabled_User_Objects*"){ # Begin Retired Check
  foreach ($license in ($msolUser.Licenses.AccountSkuId)){
   add-log retired ('{0},removing license: {1}' -f $adObj.samaccountname, $license) -WhatIf:$WhatIf
   if (!$WhatIf) { Set-MsolUserLicense -UserPrincipalName $adObj.UserPrincipalName -RemoveLicenses $license }
  }
 } # End Retired Check
 else {
  $cutOffDate = (Get-Date).AddMonths(-6)
  # Staleness Check
  # Give likely inactive accounts the default (A1) license
  if ($adObj.LastLogonDate -le $cutOffDate) {
   $targetLicense = 'YourOrgName:STANDARDWOFFPACK_FACULTY'
   ('{0},{1},Possible Stale account detected. Changing Target License: {2}' -f $adObj.samaccountname, $adObj.LastLogonDate,$targetLicense )
  }

  Write-Verbose ($msolUser.Licenses.AccountSkuId | Out-String)

  if ($msolUser.Licenses.AccountSkuId -contains $targetLicense){
   ('{0},Proper license present: {1}' -f $adObj.samaccountname, $targetLicense)
  } else {
   foreach ($license in ($msolUser.Licenses.AccountSkuId)){ # Begin Bad License Check

    $badLicenseTypes = 'YourOrgName:EXCHANGESTANDARD_FACULTY','YourOrgName:STANDARDWOFFPACK_IW_FACULTY',
     'YourOrgName:STANDARDWOFFPACK_IW_STUDENT','YourOrgName:STANDARDWOFFPACK_STUDENT'
    # Active Accounts that are assigned A3 licenses that need to be switched over from the default
    if ($A3 -and ($adObj.LastLogonDate -ge $cutOffDate)) { $badLicenseTypes += 'YourOrgName:STANDARDWOFFPACK_FACULTY' }
    if ( $badLicenseTypes -contains $license ){
     ('{0},{1}' -f $adObj.samaccountname, $license )
     if (!$WhatIf) { Set-MsolUserLicense -UserPrincipalName $adObj.UserPrincipalName -RemoveLicenses $license  }
    }
   } # End Bad License Check

   # Assign proper licence type
   ('{0},{1}' -f $adObj.samaccountname, $targetLicense )
   if (!$WhatIf) {
    Set-MsolUserLicense -UserPrincipalName $adObj.UserPrincipalName -AddLicenses $targetLicense
    foreach ($lic in ((Get-MsolUser -UserPrincipalName $adObj.UserPrincipalName).Licenses.AccountSkuId)) {
     ( '{0},{1}' -f $adObj.UserPrincipalName, $lic )
    }
   }
  }
 }
}

# End Logging
if ($Log) { Stop-Transcript }