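Function Disable-CompanyUser {
    <#
    .SYNOPSIS
    Disables an Active Directory user and parks the account in the 'Disabled Users' OU.

    .DESCRIPTION
    For the account selected through the dynamic -User parameter, the function:
      1. adds it to the group whose SamAccountName matches 'DisabledUsers*',
      2. disables it, stamps the description with 'DISABLED - <date>', sets that
         group as the primary group and sets msExchHideFromAddressLists,
      3. removes it from every other group,
      4. moves it to the OU named 'Disabled Users'.

    The target OU and group are resolved once in Begin and must each match exactly
    one object; otherwise the function stops before any account is modified.

    The function changes only the AD attributes listed above. It does not reset the
    password or act on anything outside Active Directory, so handle those steps
    separately if the offboarding process requires them.

    NOTE(review): the modifying cmdlets run with the caller's error action. A failed
    Set-ADUser therefore does not stop the later steps by default; confirm the
    account state afterwards or call with -ErrorAction Stop.

    .PARAMETER User
    SamAccountName of the account to disable. Declared dynamically by
    New-DynamicParams (defined elsewhere) from the accounts found under
    'CN=Users,DC=DOMAINHERE,DC=com'.
    #>
    [CmdletBinding(SupportsShouldProcess=$true)]
    Param()
    DynamicParam {
        # New-DynamicParams is a helper defined outside this function; the SetScript
        # block supplies the candidate SamAccountName values for -User.
        New-DynamicParams -count (($PSBoundParameters.GetEnumerator() | Measure-Object).Count - 1) -settings @(
            ($true | Select-Object @{
                    N="Name"
                    E={"User"}
                },@{
                    N="SetScript"
                    E={
                        {
                            Get-ADUser -SearchBase 'CN=Users,DC=DOMAINHERE,DC=com' -Filter * | Sort-Object SamAccountName | Select-Object -ExpandProperty SamAccountName
                        }
                    }
                }
            )
        )
    }
    Begin {
        # Dynamic parameters are not bound to variables automatically, so expose each
        # bound parameter as a variable. -WhatIf:$false keeps this working under -WhatIf.
        $PSBoundParameters.GetEnumerator() | ForEach-Object {
            New-Variable -Name $_.Key -Value $_.Value -WhatIf:$false
        }

        # Both lookups use -like, so they can return zero or several objects. Require
        # exactly one match each so the account never ends up in an unintended OU or group.
        $ContainerMatches = @(Get-ADOrganizationalUnit -Filter {Name -like 'Disabled Users'})
        if ($ContainerMatches.Count -ne 1) {
            throw "Expected exactly one OU named 'Disabled Users' but found $($ContainerMatches.Count)."
        }
        $DisabledUsersContainer = $ContainerMatches[0]

        $GroupMatches = @(Get-ADGroup -Filter {SamAccountName -like 'DisabledUsers*'} -Properties @('primaryGroupToken'))
        if ($GroupMatches.Count -ne 1) {
            throw "Expected exactly one group matching 'DisabledUsers*' but found $($GroupMatches.Count)."
        }
        $DisabledUserGroup = $GroupMatches[0]
    }
    Process {
        Write-Verbose -Message "User $User Selected"
        $ADUser = Get-ADUser -Filter {SamAccountName -eq $User} -Properties @('Office')
        if (-not $ADUser) {
            # Stop here rather than pass a null identity to the cmdlets below.
            throw "User '$User' was not found in Active Directory."
        }

        #Active Directory Steps
        # The account must already be a member of the group before that group can be
        # set as its primary group in the Set-ADUser call below.
        Write-Verbose -Message "Adding to Disabled Users Group"
        Add-ADPrincipalGroupMembership -Identity $User -MemberOf $DisabledUserGroup.DistinguishedName

        $UserDisableSettings = @{
            #Specify Target
            Identity = $ADUser
            #Disable User
            Enabled = $false
            #New Description
            Description = @('DISABLED',(Get-date -Format 'dd MMM yyyy')) -join ' - '
            #Hide from GAL and change Primary Group
            Replace = @{
                'primaryGroupId' = $DisabledUserGroup.primaryGroupToken
                'msExchHideFromAddressLists' = $true
            }
        }
        $UserMoveSettings = @{
            Identity = $ADUser
            TargetPath = $DisabledUsersContainer.DistinguishedName
        }

        Write-Verbose -Message "Disabling User $user => Hiding from GAL => Changing Primary Group Membership"
        Set-ADUser @UserDisableSettings

        Write-Verbose -Message "Removing $User from All Groups"
        # Keep the new primary group: exclude it by distinguished name as well as by the
        # original name pattern, so the exclusion still holds if the group matched in
        # Begin is not named 'DisabledUsers-ACL'.
        $GroupsToRemove = @(
            Get-ADPrincipalGroupMembership -Identity $ADUser |
                Where-Object {
                    $_ -notmatch 'DisabledUsers\-ACL' -and
                    $_.DistinguishedName -ne $DisabledUserGroup.DistinguishedName
                }
        )
        # An empty -MemberOf is rejected at parameter binding, so skip the call when
        # there is nothing left to remove.
        if ($GroupsToRemove.Count -gt 0) {
            Remove-ADPrincipalGroupMembership -Identity $ADUser -MemberOf $GroupsToRemove -Confirm:$false
        }

        Write-Verbose -Message "Moving $user to Disabled Users Container"
        Move-ADObject @UserMoveSettings
    }
    End {
    }
}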