
Untitled

a guest
Mar 2nd, 2017
  1. Function Process-Leaver
  2. {
  3.  
  4.     <#
  5.    
  6.     .SYNOPSIS
  7.     This cmdlet will process Leavers on the Precise network.
  8.    
  9.     .DESCRIPTION
  10.     This Cmdlet will perform the Following:
  11.     Disable User account in Active Directory.
  12.     Removes the ability for any User to change the Password of the Account.
  13.     Gives the account a secure Randomly Generated 18 Character Password.
  14.     Moves the User account to the To_Be_Deleted_Users OU In AD.
  15.    
  16.     .EXAMPLE
  17.     Process-Leaver -User 'John Doe'
  18.     .EXAMPLE
  19.     Process-Leaver 'John Doe'
  20.    
  21.     #>
  22.  
  23.     Param
  24.     (
  25.    
  26.        [Parameter(Position=0,mandatory=$true)]
  27.        [string]$User
  28.    
  29.     )
  30.    
  31.     Foreach ($Person in $User)
  32.     {
  33.  
  34.         $Errors = 0
  35.  
  36.         Try
  37.         {
  38.  
  39.              #Log file Generation
  40.              $logfile = "C:\users\$env:USERNAME\"+$FN+"Leavers_Log_$(get-date -Format dd-mm-yyyy_hhmmtt) $User.txt"
  41.              Write-Output "///////////////////////////////////////////////////" | Out-File -FilePath $Logfile -Append -ErrorAction Stop
  42.              Write-Output "Leavers Log_$(get-date -Format dd-mm-yyyy_hhmmtt) | For User: $User" | Out-File -FilePath $Logfile -Append -ErrorAction Stop
  43.              Write-Output "///////////////////////////////////////////////////" | Out-File -FilePath $Logfile -Append -ErrorAction Stop
  44.  
  45.         }
  46.         Catch [System.IO.DirectoryNotFoundException]
  47.         {
  48.  
  49.             Write-Output "Log cannot be Generated. Please confirm File path and try again."
  50.             Throw "Process Log cannot be Generated at $logfile"
  51.  
  52.         }
  53.  
  54.  
  55.         #Imports Active Directory if not already loaded.
  56.         Try
  57.         {
  58.  
  59.             if (-not (Get-Module ActiveDirectory))
  60.             {
  61.  
  62.                 Import-Module ActiveDirectory -ErrorAction Stop
  63.  
  64.             }
  65.         }
  66.         Catch
  67.         {
  68.             Write-Output "Error occurred when trying to Load Active Directory Module." `r "Please confirm you are able to Access Active Directory and Try again."
  69.             Throw "Active Directory cannot be Loaded."
  70.             $_.Exception.Message | Out-File -FilePath $Logfile -Append -ErrorAction Stop
  71.             break
  72.         }
  73.         ####################
  74.         #Initial User Setup#
  75.         ####################
  76.         Try
  77.         {
  78.             #$User = 'Brad Test2'
  79.             $UserUID = Get-ADUser -Filter "Name -eq '$User'" -ErrorAction Stop | Select-Object -ExpandProperty SamAccountName
  80.  
  81.             if (!( $UserUID ))
  82.             {
  83.    
  84.                 Write-Output "User $User Cannot be found."
  85.                 Throw "User $User Cannot be found."
  86.                 $_.Exception.Message | Out-File -FilePath $Logfile -Append -ErrorAction Stop
  87.  
  88.  
  89.             }
  90.  
  91.             Set-ADUser $UserUID -Enabled $False -ErrorAction Stop
  92.             Set-ADUser $UserUID -CannotChangePassword $true -Verbose -ErrorAction Stop
  93.  
  94.             "User with SamAccountName: $UserUID | Account set to Disabled" | Out-File -FilePath $Logfile -Append -ErrorAction Stop
  95.             "User with SamAccountName: $UserUID | CannotChangePassword Set to True" | Out-File -FilePath $Logfile -Append -ErrorAction Stop
  96.  
  97.         }
  98.  
  99.         Catch [Microsoft.ActiveDirectory.Management.ADFilterParsingException]
  100.          {
  101.  
  102.              $errors++
  103.              "ERROR AT INITIAL USER SETUP "| Out-File -FilePath $Logfile -Append -ErrorAction Stop
  104.              $_.Exception.Message | Out-File -FilePath $Logfile -Append -ErrorAction Stop
  105.              Write-Output "User can not be found."
  106.              Break
  107.  
  108.         }
  109.  
  110.         Catch
  111.          {
  112.  
  113.              $errors++
  114.              "ERROR AT INITIAL USER SETUP "| Out-File -FilePath $Logfile -Append -ErrorAction Stop
  115.              $_.Exception.Message | Out-File -FilePath $Logfile -Append -ErrorAction Stop
  116.              Write-Output "AN ERROR HAS OCCURRED > PLEASE CHECK LOG $logfile"
  117.              Break
  118.  
  119.         }
  120.  
  121.         ##########################
  122.         #Remove Group Memberships#
  123.         ##########################
  124.         Try
  125.         {
  126.  
  127.         Get-ADPrincipalGroupMembership  $UserUID | Where-Object { $_.SamAccountName -ne 'Domain Users' } |  Remove-ADGroupMember -Members $UserUID -WhatIf
  128.         Remove-ADGroupMember -Identity $ADGroups -Members $UserUID
  129.  
  130.         Help Remove-ADGroupMember -Full
  131.  
  132.         }
  133.         Catch
  134.         {
  135.  
  136.         }
  137.  
  138.         ################
  139.         #Password Setup#
  140.         ################
  141.         Try
  142.         {
  143.  
  144.             $Password = [System.Web.Security.Membership]::GeneratePassword(32, 4)
  145.             $SecurePassword = ConvertTo-SecureString -AsPlainText $Password -Force
  146.    
  147.             Set-ADAccountPassword $UserUID -NewPassword $SecurePassword -Reset -ErrorAction Stop
  148.             Set-ADUser $UserUID -Office $Password -Verbose -ErrorAction Stop
  149.  
  150.             Write-Output "User with SamAccountName: $UserUID | Password Set to $Password" | Out-File -FilePath $Logfile -Append
  151.  
  152.         }
  153.  
  154.         Catch
  155.         {
  156.  
  157.              $errors++
  158.              "ERROR AT PASSWORD SETUP" | Out-File -FilePath $Logfile -Append -ErrorAction Stop
  159.              $_.Exception.Message | Out-File -FilePath $Logfile -Append -ErrorAction Stop
  160.              Write-Output "AN ERROR HAS OCCURRED > PLEASE CHECK LOG $logfile"
  161.              Break
  162.  
  163.         }
  164.  
  165.         #####################
  166.         #Move Home Directory#
  167.         #####################    
  168.         Try
  169.         {
  170.             $HomePathVer = Get-ADUser $UserUID -Properties HomeDirectory | Select-Object -ExpandProperty HomeDirectory | Test-Path
  171.             $HomePath = Get-ADUser $UserUID -Properties HomeDirectory | Select-Object -ExpandProperty HomeDirectory
  172.             If ("$HomePathVer" -eq $True)
  173.             {
  174.                Set-ADUser $UserUID -HomeDirectory "\\profilehomebk\PROFILEHOMEBK\Profiles\1_TOBEDELETED\$UserUID"
  175.                Move-Item -Path $HomePath -Destination "\\profilehomebk\PROFILEHOMEBK\Profiles\1_TOBEDELETED" -Force -ErrorAction Stop
  176.                "Home Directory: $HomePath of User $UserUID | Moved to To_Be_Deleted Folder path" | Out-File -FilePath $Logfile -Append
  177.             }  
  178.  
  179.         }
  180.         Catch [System.IO.IOException]
  181.         {
  182.             $errors++
  183.             Write-Output "Home Directory already Exists in this File path."
  184.             Write-Error "Home Directory already exists in To_Be_Deleted"
  185.             $_.Exception.Message | Out-File -FilePath $Logfile -Append -ErrorAction Stop
  186.            
  187.         }
  188.         Catch
  189.         {
  190.              $errors++
  191.              "ERROR AT HOME DIRECTORY MOVE" | Out-File -FilePath $Logfile -Append -ErrorAction Stop
  192.              $_.Exception.Message | Out-File -FilePath $Logfile -Append -ErrorAction Stop
  193.              Write-Output "AN ERROR HAS OCCURRED > PLEASE CHECK LOG $logfile" -ErrorAction Stop
  194.              Break
  195.         }
  196.  
  197.         ###########
  198.         #User Move#
  199.         ###########
  200.         Try
  201.         {
  202.  
  203.         #MOVE USER
  204.             $OldLocation = Get-ADUser $UserUID | Select-Object -ExpandProperty DistinguishedName
  205.             Get-ADUser $UserUID | Move-ADObject -TargetPath 'OU=To_Be_Deleted_Users,OU=To Be Deleted,DC=precise-media,DC=co,DC=uk' -ErrorAction Stop
  206.  
  207.             Write-Output "User with SamAccountName: $UserUID | Object Moved From $OldLocation to OU:To_Be_Deleted_Users" | Out-File -FilePath $Logfile -Append
  208.  
  209.         }
  210.  
  211.         Catch
  212.         {
  213.  
  214.              $errors++
  215.              "ERROR AT USER MOVE" | Out-File -FilePath $Logfile -Append -ErrorAction Stop
  216.              $_.Exception.Message | Out-File -FilePath $Logfile -Append -ErrorAction Stop
  217.              Write-Output "AN ERROR HAS OCCURRED > PLEASE CHECK LOG $logfile" -ErrorAction Stop
  218.              Break
  219.  
  220.         }
  221.  
  222.         If ($errors -eq 0)
  223.         {
  224.  
  225.             Write-Output "Process Successful | 0 Errors Occurred"
  226.  
  227.         }
  228.  
  229.         else
  230.         {
  231.  
  232.             Write-Output "Completed With Errors | $Errors Error(s) Occurred"
  233.  
  234.         }
  235.  
  236.         Write-Output "Log file Generated: $logfile"
  237.  
  238.     }
  239.  
  240. }
  241.  
  242.  
  243.  
  244. #add move home directory to to be deleted folder
  245. #add remove group memberships