API tools faq
paste
Guest User

Untitled

a guest
Jul 17th, 2018
71
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.79 KB | None | 0 0
raw download clone embed print report
  1. Function Disable-CompanyUser {
  2. [CmdletBinding(SupportsShouldProcess=$true)]
  3. Param()
  4. DynamicParam {
  5. New-DynamicParams -count (($PSBoundParameters.GetEnumerator() | Measure-Object).Count - 1) -settings @(
  6. ($true | Select-Object @{
  7. N="Name"
  8. E={"User"}
  9. },@{
  10. N="SetScript"
  11. E={
  12. {
  13. Get-ADUser -SearchBase 'CN=Users,DC=DOMAINHERE,DC=com' -Filter * | Sort-Object SamAccountName | Select-Object -ExpandProperty SamAccountName
  14. }
  15. }
  16. }
  17. )
  18. )
  19. }
  20. Begin {
  21. $PSBoundParameters.GetEnumerator() | ForEach-Object {
  22. New-Variable -Name $_.Key -Value $_.Value -WhatIf:$false
  23. }
  24. $DisabledUsersContainer = Get-ADOrganizationalUnit -Filter {Name -like 'Disabled Users'}
  25. $DisabledUserGroup = Get-ADGroup -Filter {SamAccountName -like 'DisabledUsers*'} -Properties @('primaryGroupToken')
  26.  
  27. }
  28. Process {
  29. Write-Verbose -Message "User $User Selected"
  30. $ADUser = Get-ADUser -Filter {SamAccountName -eq $User} -Properties @('Office')
  31.  
  32. #Active Directory Steps
  33.  
  34. Write-Verbose -Message "Adding to Disabled Users Group"
  35. Add-ADPrincipalGroupMembership -Identity $User -MemberOf $DisabledUserGroup.DistinguishedName
  36.  
  37. $UserDisableSettings = @{
  38.  
  39. #Specify Target
  40. Identity = $ADUser
  41.  
  42. #Disable User
  43. Enabled = $false
  44.  
  45. #New Description
  46. Description = @('DISABLED',(Get-date -Format 'dd MMM yyyy')) -join ' - '
  47.  
  48. #Hide from GAL and change Primary Group
  49. Replace = @{
  50. 'primaryGroupId' = $DisabledUserGroup.primaryGroupToken
  51. 'msExchHideFromAddressLists' = $true
  52. }
  53. }
  54. $UserMoveSettings = @{
  55. Identity = $ADUser
  56. TargetPath = $DisabledUsersContainer.DistinguishedName
  57. }
  58.  
  59. #Get-ADUser -Filter {SamAccountName -eq $User} | Set-ADUser -Enabled $false -PassThru -Verbose | Move-ADObject -TargetPath $DisabledUsers.DistinguishedName -Verbose
  60.  
  61. Write-Verbose -Message "Disabling User $user => Hiding from GAL => Changing Primary Group Membership"
  62. Set-ADUser @UserDisableSettings
  63.  
  64. Write-Verbose -Message "Removing $User from All Groups"
  65. Remove-ADPrincipalGroupMembership -Identity $ADUser -MemberOf $(Get-ADPrincipalGroupMembership -Identity $ADUser | Where-Object {$_ -notmatch 'DisabledUsers\-ACL'}) -Confirm:$false
  66.  
  67. Write-Verbose -Message "Moving $user to Disabled Users Container"
  68. Move-ADObject @UserMoveSettings
  69. }
  70. End {
  71.  
  72. }
  73. }
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!