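<#
.DESCRIPTION
This script provides a standard off-boarding method for staff leaving
the company.
The script does the following;
1. Updates the user description with the user who disabled the account
   and the time/date when the account was disabled
2. Disables the specified user account
3. Moves the account to the disabled user account OU (needs to exist)
4. Sets an out of office reply stating that the employee has left the company
5. Convert to a shared mailbox
6. Revoke O365 Licenses
7. Give users rights on shared mailbox
8. Hides the mail account from the Global Address List

.NOTES
Review notes for whoever adopts this script:
- Disabling the on-premises account does not by itself end cloud sessions
  that are already signed in. Add a step that resets the password and
  revokes the user's refresh tokens if the tenant supports it.
- The Exchange Online connection below uses Basic authentication over
  remote PowerShell, and the licensing steps use the MSOnline module.
  Microsoft has retired/deprecated both; plan a move to modern
  authentication (MFA-capable admin sign-in) before relying on this.
- "<tenant>" in the licence SKUs and the target OU are placeholders that
  must be adapted to the environment.

Version 1.0
Initial release
#>

# Licence SKUs handled by step 6. "<tenant>" is a placeholder for the tenant name.
$E1Sku = "<tenant>:STANDARDPACK"    # E1
$E3Sku = "<tenant>:ENTERPRISEPACK"  # E3

# Destination OU for step 3. NOTE(review): the header calls this the disabled
# user account OU, but the path names an OU called "Template" - confirm.
$DisabledUsersOU = "OU=Template,OU=Users,DC=contoso,DC=com"

# Declared up front so the finally block can close whatever was opened.
$ADPowerShell = $null
$Office365PowerShell = $null

try
{
    Write-Host " **************** PLEASE ENTER ACTIVE DIRECTORY ADMIN CREDENTIALS **************** "
    $Credential = Get-Credential -Credential "$env:USERDOMAIN\$env:USERNAME"
    # LOGONSERVER has the form \\NAME; drop the two leading backslashes.
    $DC = $env:LOGONSERVER.Substring(2)

    # Initiate Remote PS Session to local DC
    $ADPowerShell = New-PSSession -ComputerName $DC -Authentication Negotiate -Credential $Credential

    Write-Host "Importing Active Directory PowerShell Commandlets"
    Invoke-Command -Session $ADPowerShell -ScriptBlock { Import-Module ActiveDirectory }
    Import-PSSession -Session $ADPowerShell -Module ActiveDirectory -AllowClobber -ErrorAction Stop

    # Retrieve AD Details (not used further down in this script)
    $ADDetails = Get-ADDomain
    $Domain = $ADDetails.DNSRoot
    Clear-Host

    Write-Host "Importing Office 365 PowerShell Commandlets"
    Write-Host -ForegroundColor White -BackgroundColor DarkBlue " **************** PLEASE ENTER OFFICE 365 ADMIN CREDENTIALS **************** "
    $Office365Credential = Get-Credential
    # NOTE(review): Basic authentication cannot satisfy MFA and has been retired
    # for Exchange Online remote PowerShell; see .NOTES above.
    $Office365PowerShell = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $Office365Credential -Authentication Basic -AllowRedirection
    Import-PSSession $Office365PowerShell
    Clear-Host

    Write-Host " **************** Disable Active Directory User Account & Enable Out Of Office **************** "
    Write-Host " "

    # Get Variables
    $DisabledDate = Get-Date
    $LeaveDate = Get-Date -Format "dddd dd MMMM yyyy"
    # The operator is looked up by the Windows logon name, which may differ from
    # the admin credential entered above.
    $DisabledBy = Get-ADUser "$env:username" -Properties Mail
    $DisabledByEmail = $DisabledBy.Mail

    # Prompt for AD Username. -ErrorAction Stop aborts the run on a mistyped
    # name instead of continuing with an empty object.
    $Employee = Read-Host "Employee Username"
    $EmployeeDetails = Get-ADUser $Employee -Properties * -ErrorAction Stop
    if (-not $EmployeeDetails.Mail)
    {
        # Every mailbox and licence step below is keyed on the mail attribute.
        throw "User '$Employee' has no mail attribute; mailbox and licence steps cannot run."
    }
    if ($null -ne $EmployeeDetails.Manager)
    {
        # Looked up but not used further down in this script.
        $Manager = Get-ADUser $EmployeeDetails.Manager -Properties Mail
    }

    # Prompt for Backup Colleague Username
    $BackUp = Read-Host "Backup Colleague Username"
    $BackUpDetails = Get-ADUser $BackUp -Properties * -ErrorAction Stop

    # Check which O365 License User has.
    # Only the first assigned licence is inspected; additional SKUs are not revoked.
    # NOTE(review): assumes the cloud UserPrincipalName equals the mail attribute - confirm.
    Connect-MsolService -Credential $Office365Credential
    $License = (Get-MsolUser -UserPrincipalName $EmployeeDetails.Mail).Licenses[0].AccountSkuId
    Clear-Host

    # Prompt for confirmation
    Write-Host " ******************************** CONFIRM USER DISABLE REQUEST ******************************** "
    Write-Host " "
    Write-Host -ForegroundColor Yellow "Please review the Employee details below to ensure you are disabling the correct user account."
    $EmployeeDetails | Format-List Name, Title, Company, @{ Expression = { $_.mail }; Label = "Email Address" }, @{ Expression = { $_.Created }; Label = "Employment Started" }

    # Anchored pattern: the previous "[y|n]" accepted any input that merely
    # contained y, n or |, so a word such as "yes" left the loop and was then
    # treated as a cancel by the -eq test below.
    $choice = " "
    while ($choice -notmatch '^[yn]$')
    {
        $choice = Read-Host "Do you want to continue? (Y/N)"
    }

    # Actions
    if ($choice -eq "y")
    {
        Clear-Host
        Write-Host " ******************************** DISABLING USER ACCOUNT ******************************** "
        Write-Host " "

        Write-Host "Step1. Modifying user description for audit purposes" -ForegroundColor Yellow
        Set-ADUser $Employee -Description "Disabled by $($DisabledBy.name) on $DisabledDate"

        Write-Host "Step2. Disabling $Employee Active Directory Account." -ForegroundColor Yellow
        Disable-ADAccount $Employee

        Write-Host "Step3. Moving $Employee to the Disabled User Accounts OU." -ForegroundColor Yellow
        Write-Host " "
        Move-ADObject -Identity $EmployeeDetails.DistinguishedName -TargetPath $DisabledUsersOU

        Write-Host "Waiting 5 seconds for AD & Exchange OU update to complete"
        Start-Sleep -Seconds 5
        Write-Host " "
        Write-Host "Refreshing Employee Details for Exchange Modification."
        Write-Host " "
        Get-ADUser $Employee -Properties Description | Format-List Name, Enabled, Description

        Write-Host "Step 4. Setting Exchange Out Of Office Auto-Responder." -ForegroundColor Yellow
        # -ExternalAudience all sends the colleague's name, e-mail and phone
        # number to any outside sender; confirm that disclosure is acceptable.
        $OutOfOffice = "Dear, I have left $($EmployeeDetails.company) since $LeaveDate. You can contact my colleague $($BackUpDetails.name) via e-mail: $($BackUpDetails.mail) or telephone: $($BackUpDetails.officephone)."
        # $Employee is the plain string read from the prompt and has no Mail
        # property, so the identity must come from $EmployeeDetails.
        Set-MailboxAutoReplyConfiguration -Identity $EmployeeDetails.Mail -AutoReplyState enabled -ExternalAudience all -InternalMessage $OutOfOffice -ExternalMessage $OutOfOffice

        Write-Host "Step 5. Convert to a shared mailbox"
        Set-Mailbox $EmployeeDetails.Mail -Type shared

        Write-Host "Step 6. Revoke O365 Licenses"
        # Set-MsolUserLicense addresses the user by -UserPrincipalName (it has no
        # -Identity parameter). A licence is removed only when it is actually the
        # one found on the account.
        if ($License -eq $E1Sku)
        {
            Set-MsolUserLicense -UserPrincipalName $EmployeeDetails.Mail -RemoveLicenses $E1Sku
        }
        elseif ($License -eq $E3Sku)
        {
            Set-MsolUserLicense -UserPrincipalName $EmployeeDetails.Mail -RemoveLicenses $E3Sku
        }
        else
        {
            Write-Warning "No E1/E3 licence found as first licence for $($EmployeeDetails.Mail) (found: '$License'); nothing revoked. Review licences manually."
        }

        Write-Host "Step 7. Give users rights on shared mailbox"
        # No username is read here despite the message; access goes to the backup
        # colleague entered earlier. FullAccess exposes the whole mailbox, so
        # record the grant and remove it once it is no longer needed.
        Write-Host "Write username for Full Access"
        Add-MailboxPermission $EmployeeDetails.Mail -User $BackUp -AccessRights FullAccess

        Write-Host "Step 8. Hiding $($EmployeeDetails.name) from Global Address lists" -ForegroundColor Yellow
        # -Replace also works when the attribute already holds a value; -Add fails in that case.
        Set-ADUser -Identity $Employee -Replace @{ msExchHideFromAddressLists = $true }
        # Dry run only: -WhatIf prints what would be written and changes nothing.
        Set-ADUser -Instance $EmployeeDetails -WhatIf
    }
    else
    {
        Write-Host " "
        Write-Host "Employee disable request cancelled" -ForegroundColor Yellow
    }
}
finally
{
    # Close the privileged remote sessions on every exit path so authenticated
    # admin connections are not left open after the script ends.
    if ($Office365PowerShell) { Remove-PSSession -Session $Office365PowerShell }
    if ($ADPowerShell) { Remove-PSSession -Session $ADPowerShell }
}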