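Function Process-Leaver
{
    <#
    .SYNOPSIS
    This cmdlet will process Leavers on the Precise network.
    .DESCRIPTION
    For every name supplied this cmdlet will:
      - Disable the user account in Active Directory.
      - Remove the ability for any user to change the password of the account.
      - Set a cryptographically random 32 character password. The password is never
        written to the log and never stored in an AD attribute; nobody needs it again.
      - Remove the account from every group except 'Domain Users'.
      - Move the home directory (if the attribute is set and the path is reachable) into
        the To-Be-Deleted profile share and repoint the HomeDirectory attribute at it.
      - Move the user account to the To_Be_Deleted_Users OU in AD.
    Each name is processed independently: a failure on one user is logged and processing
    continues with the next name. Supports -WhatIf / -Confirm.
    .PARAMETER User
    One or more AD 'Name' values (e.g. 'John Doe'). Each must match exactly one account;
    zero or several matches abort processing of that name, since Name is not unique in AD.
    .PARAMETER HomeArchiveRoot
    Folder that home directories are moved into. Defaults to the PROFILEHOMEBK
    1_TOBEDELETED folder.
    .PARAMETER TargetOU
    Distinguished name of the OU that processed accounts are moved into.
    .EXAMPLE
    Process-Leaver -User 'John Doe'
    .EXAMPLE
    Process-Leaver 'John Doe','Jane Roe' -WhatIf
    .OUTPUTS
    Progress and result strings on the output stream, plus one log file per user under
    the running user's profile folder.
    #>
    [CmdletBinding(SupportsShouldProcess = $true)]
    Param
    (
        [Parameter(Position = 0, Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string[]]$User,

        [Parameter()]
        [string]$HomeArchiveRoot = '\\profilehomebk\PROFILEHOMEBK\Profiles\1_TOBEDELETED',

        [Parameter()]
        [string]$TargetOU = 'OU=To_Be_Deleted_Users,OU=To Be Deleted,DC=precise-media,DC=co,DC=uk'
    )

    # Appends one line to the log of the user currently being processed ($Logfile is
    # assigned per iteration below). Any write failure propagates to the caller.
    function Write-LeaverLog ([string]$Message)
    {
        $Message | Out-File -FilePath $Logfile -Append -ErrorAction Stop
    }

    # Prints the per-user result lines that both the success path and the abort path need.
    function Write-LeaverSummary ([int]$ErrorCount, [string]$LogPath)
    {
        If ($ErrorCount -eq 0)
        {
            Write-Output "Process Successful | 0 Errors Occurred"
        }
        else
        {
            Write-Output "Completed With Errors | $ErrorCount Error(s) Occurred"
        }
        Write-Output "Log file Generated: $LogPath"
    }

    # Escapes a value for use inside an LDAP search filter (RFC 4515) so that a name
    # containing \ * ( ) or NUL cannot alter the query. The original code interpolated the
    # caller-supplied name straight into a filter string.
    function ConvertTo-LdapFilterValue ([string]$Value)
    {
        # Backslash first, so the escapes added afterwards are not themselves re-escaped.
        $Escaped = $Value.Replace('\', '\5c')
        $Escaped = $Escaped.Replace('*', '\2a')
        $Escaped = $Escaped.Replace('(', '\28')
        $Escaped = $Escaped.Replace(')', '\29')
        return $Escaped.Replace("`0", '\00')
    }

    # Builds a random password directly into a SecureString from a CSPRNG. Rejection
    # sampling keeps every character equally likely; the plaintext never exists as a
    # .NET string, so it cannot leak via the log or linger in the heap.
    function New-LeaverPassword ([int]$Length = 32)
    {
        $Charset = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()-_=+[]{};:,.?'
        # Largest multiple of the charset size that fits in a byte; bytes at or above
        # this value are discarded to avoid modulo bias.
        $Limit = $Charset.Length * [math]::Floor(256 / $Charset.Length)
        $Rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
        $Buffer = New-Object byte[] 1
        Try
        {
            $Secure = New-Object System.Security.SecureString
            $Filled = 0
            while ($Filled -lt $Length)
            {
                $Rng.GetBytes($Buffer)
                if ($Buffer[0] -lt $Limit)
                {
                    $Secure.AppendChar($Charset[$Buffer[0] % $Charset.Length])
                    $Filled++
                }
            }
            return $Secure
        }
        Finally
        {
            $Rng.Dispose()
        }
    }

    # Imports Active Directory once, up front, if it is not already loaded.
    if (-not (Get-Module ActiveDirectory))
    {
        Try
        {
            Import-Module ActiveDirectory -ErrorAction Stop
        }
        Catch
        {
            Write-Output "Error occurred when trying to Load Active Directory Module."
            Write-Output "Please confirm you are able to Access Active Directory and Try again."
            Throw "Active Directory cannot be Loaded."
        }
    }

    Foreach ($Person in $User)
    {
        $Errors = 0

        # Honour -WhatIf / -Confirm before anything (including the log file) is written.
        if (-not $PSCmdlet.ShouldProcess($Person, 'Disable account, reset password, remove group memberships, archive home directory and move to To_Be_Deleted_Users'))
        {
            continue
        }

        # Log file generation. 'MM' is the month ('mm' would be minutes); characters that
        # are illegal in Windows file names are replaced so an odd Name cannot break the path.
        $SafeName = $Person -replace '[\\/:*?"<>|]', '_'
        $Logfile = Join-Path $env:USERPROFILE "Leavers_Log_$(Get-Date -Format dd-MM-yyyy_hhmmtt) ${SafeName}.txt"
        Try
        {
            Write-LeaverLog "///////////////////////////////////////////////////"
            Write-LeaverLog "Leavers Log_$(Get-Date -Format dd-MM-yyyy_hhmmtt) | For User: $Person"
            Write-LeaverLog "///////////////////////////////////////////////////"
        }
        Catch [System.IO.DirectoryNotFoundException]
        {
            Write-Output "Log cannot be Generated. Please confirm File path and try again."
            Throw "Process Log cannot be Generated at $Logfile"
        }

        ####################
        #Initial User Setup#
        ####################
        Try
        {
            # Look the account up by Name with the value escaped, and insist on exactly one
            # match: passing several accounts on to Set-ADUser would disable the wrong people.
            $Found = @(Get-ADUser -LDAPFilter "(name=$(ConvertTo-LdapFilterValue $Person))" -ErrorAction Stop)
            if ($Found.Count -eq 0)
            {
                Throw "User $Person Cannot be found."
            }
            if ($Found.Count -gt 1)
            {
                Throw "Name '$Person' matches $($Found.Count) accounts ($(($Found | ForEach-Object SamAccountName) -join ', ')); refusing to guess."
            }
            $UserUID = $Found[0].SamAccountName

            Set-ADUser $UserUID -Enabled $False -ErrorAction Stop
            Write-LeaverLog "User with SamAccountName: $UserUID | Account set to Disabled"
            Set-ADUser $UserUID -CannotChangePassword $true -ErrorAction Stop
            Write-LeaverLog "User with SamAccountName: $UserUID | CannotChangePassword Set to True"
        }
        Catch
        {
            $Errors++
            Write-LeaverLog "ERROR AT INITIAL USER SETUP "
            Write-LeaverLog $_.Exception.Message
            Write-Output "AN ERROR HAS OCCURRED > PLEASE CHECK LOG $Logfile"
            Write-LeaverSummary $Errors $Logfile
            # Nothing more can be done for this name; carry on with the next one
            # (the original 'Break' here abandoned every remaining name).
            continue
        }

        ################
        #Password Setup#
        ################
        $SecurePassword = $null
        Try
        {
            # The new password goes straight to AD as a SecureString. It is deliberately NOT
            # logged and NOT written to the Office attribute (the original did both; Office
            # is readable by every authenticated user).
            $SecurePassword = New-LeaverPassword
            Set-ADAccountPassword $UserUID -NewPassword $SecurePassword -Reset -ErrorAction Stop
            Write-LeaverLog "User with SamAccountName: $UserUID | Password reset to a random 32 character value"
        }
        Catch
        {
            $Errors++
            Write-LeaverLog "ERROR AT PASSWORD SETUP"
            Write-LeaverLog $_.Exception.Message
            Write-Output "AN ERROR HAS OCCURRED > PLEASE CHECK LOG $Logfile"
            Write-LeaverSummary $Errors $Logfile
            continue
        }
        Finally
        {
            if ($SecurePassword) { $SecurePassword.Dispose() }
        }

        ##########################
        #Remove Group Memberships#
        ##########################
        Try
        {
            # 'Domain Users' is kept: presumably the primary group, which AD would refuse to
            # remove through Remove-ADGroupMember anyway.
            $Groups = @(Get-ADPrincipalGroupMembership $UserUID -ErrorAction Stop | Where-Object { $_.SamAccountName -ne 'Domain Users' })
        }
        Catch
        {
            $Errors++
            Write-LeaverLog "ERROR AT GROUP REMOVAL (could not list memberships)"
            Write-LeaverLog $_.Exception.Message
            $Groups = @()
        }
        foreach ($Group in $Groups)
        {
            Try
            {
                # Remove-ADGroupMember prompts for confirmation by default, which would hang an
                # unattended run; -WhatIf is still honoured via $WhatIfPreference.
                Remove-ADGroupMember -Identity $Group -Members $UserUID -Confirm:$false -ErrorAction Stop
                Write-LeaverLog "User with SamAccountName: $UserUID | Removed from group $($Group.SamAccountName)"
            }
            Catch
            {
                $Errors++
                Write-LeaverLog "ERROR AT GROUP REMOVAL ($($Group.SamAccountName))"
                Write-LeaverLog $_.Exception.Message
            }
        }

        #####################
        #Move Home Directory#
        #####################
        Try
        {
            $HomePath = (Get-ADUser $UserUID -Properties HomeDirectory -ErrorAction Stop).HomeDirectory
            if ($HomePath -and (Test-Path -LiteralPath $HomePath))
            {
                # Move-Item puts the folder inside $HomeArchiveRoot under its existing leaf
                # name, so that is what the attribute must point at afterwards.
                $NewHomePath = Join-Path $HomeArchiveRoot (Split-Path -Path $HomePath -Leaf)
                if (Test-Path -LiteralPath $NewHomePath)
                {
                    Throw (New-Object System.IO.IOException "Home Directory already exists in To_Be_Deleted: $NewHomePath")
                }
                # Move first, then repoint the attribute, so a failed move never leaves
                # HomeDirectory referencing a folder that does not exist.
                Move-Item -LiteralPath $HomePath -Destination $HomeArchiveRoot -Force -ErrorAction Stop
                Set-ADUser $UserUID -HomeDirectory $NewHomePath -ErrorAction Stop
                Write-LeaverLog "Home Directory: $HomePath of User $UserUID | Moved to $NewHomePath"
            }
            else
            {
                Write-LeaverLog "User with SamAccountName: $UserUID | No reachable home directory to move ('$HomePath')"
            }
        }
        Catch [System.IO.IOException]
        {
            $Errors++
            Write-Output "Home Directory already Exists in this File path."
            Write-Error "Home Directory already exists in To_Be_Deleted"
            Write-LeaverLog $_.Exception.Message
        }
        Catch
        {
            $Errors++
            Write-LeaverLog "ERROR AT HOME DIRECTORY MOVE"
            Write-LeaverLog $_.Exception.Message
            Write-Output "AN ERROR HAS OCCURRED > PLEASE CHECK LOG $Logfile"
        }

        ###########
        #User Move#
        ###########
        Try
        {
            $OldLocation = (Get-ADUser $UserUID -ErrorAction Stop).DistinguishedName
            Move-ADObject -Identity $OldLocation -TargetPath $TargetOU -ErrorAction Stop
            Write-LeaverLog "User with SamAccountName: $UserUID | Object Moved From $OldLocation to OU:$TargetOU"
        }
        Catch
        {
            $Errors++
            Write-LeaverLog "ERROR AT USER MOVE"
            Write-LeaverLog $_.Exception.Message
            Write-Output "AN ERROR HAS OCCURRED > PLEASE CHECK LOG $Logfile"
        }

        Write-LeaverSummary $Errors $Logfile
    }
}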
- #add move home directory to to be deleted folder
- #add remove group memberships