Untitled

<#
.DESCRIPTION
This script provides a standard off-boarding method for staff leaving
the company.

The script does the following;
1. Disables the specified user account
2. Updates the user description with the user who disabled the account
and the time/date when the account was disabled
3. Moves the account to the disabled user account OU (needs to exist)
4. Sets an out of office reply stating that the employee has left the company
5. Convert to a shared mailbox
6. Revoke O365 Licenses
7. Give users rights on shared mailbox
8. Hides the mail account from the Global Adress List

Version 1.0
Initial release
#>

Write-Host " **************** PLEASE ENTER ACTIVE DIRECTORY ADMIN CREDENTIALS **************** "
$Credential = Get-Credential -Credential "$env:USERDOMAIN\$env:USERNAME"
$DC = $env:LOGONSERVER.Substring(2)

#Initiate Remote PS Session to local DC
$ADPowerShell = New-PSSession -ComputerName $DC -Authentication Negotiate -Credential $Credential

# Import-Module ActiveDirectory
write-host "Importing Active Directory PowerShell Commandlets"
Invoke-Command -Session $ADPowerShell -scriptblock { import-module ActiveDirectory }
Import-PSSession -Session $ADPowerShell -Module ActiveDirectory -AllowClobber -ErrorAction Stop

# Retrieve AD Details
$ADDetails = Get-ADDomain
$Domain = $ADDetails.DNSRoot
Clear-Host

write-host "Importing Office 365 PowerShell Commandlets"
Write-Host -ForegroundColor White -BackgroundColor DarkBlue " **************** PLEASE ENTER OFFICE 365 ADMIN CREDENTIALS **************** "
$Office365Credential = Get-Credential
$Office365PowerShell = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $Office365Credential -Authentication Basic -AllowRedirection
Import-PSSession $Office365PowerShell
Clear-Host

write-host " **************** Disable Active Directory User Account & Enable Out Of Office **************** "
write-host " "

# Get Variables
$DisabledDate = Get-Date
$LeaveDate = Get-Date -Format "dddd dd MMMM yyyy"
$DisabledBy = Get-ADUser "$env:username" -properties Mail
$DisabledByEmail = $DisabledBy.Mail

# Prompt for AD Username
$Employee = Read-Host "Employee Username"
$EmployeeDetails = Get-ADUser $Employee -properties *
If ($EmployeeDetails.Manager -ne $null)
{
$Manager = Get-ADUser $EmployeeDetails.Manager -Properties Mail
}

# Prompt for Backup Colleague Username
$BackUp = Read-Host "Backup Colleague Username"
$BackUpDetails = Get-ADUser $BackUp -properties *

# Check which O365 License User has
Connect-MsolService -Credential $Office365Credential
$License = (Get-MSOLUser –UserPrincipalName $EmployeeDetails.mail).Licenses[0].AccountSkuID
# E1 = "<tenant>:STANDARDPACK"
# E3 = "<tenant>:ENTERPRISEPACK"
Clear-Host

# Prompt for confirmation
write-host " ******************************** CONFIRM USER DISABLE REQUEST ******************************** "
write-host " "
write-host -ForegroundColor Yellow "Please review the Employee details below to ensure you are disabling the correct user account."
$EmployeeDetails | fl Name, Title, Company, @{ Expression = { $_.mail }; Label = "Email Address" }, @{Expression = { $_.Created }; Label = "Employment Started"}

$choice = " "
while ($choice -notmatch "[y|n]")
{
$choice = read-host "Do you want to continue? (Y/N)"
}

# Actions
if ($choice -eq "y")
{
Clear-Host
write-host " ******************************** DISABLING USER ACCOUNT ******************************** "
write-host " "
write-host "Step1. Modifying user description for audit purposes" -ForegroundColor Yellow
Set-ADUser $Employee -Description "Disabled by $($DisabledBy.name) on $DisabledDate"
write-host "Step2. Disabling $Employee Active Directory Account." -ForegroundColor Yellow
Disable-ADAccount $Employee
write-host "Step3. Moving $Employee to the Disabled User Accounts OU." -ForegroundColor Yellow
write-host " "
Move-ADObject -Identity $EmployeeDetails.DistinguishedName -targetpath "OU=Template,OU=Users,DC=contoso,DC=com"
write-host "Waiting 5 seconds for AD & Exchange OU update to complete"
    sleep -Seconds 5

write-host " "
write-host "Refreshing Employee Details for Exchange Modification."
write-host " "
Get-ADUser $Employee -Properties Description | Format-List Name, Enabled, Description
write-host "Step 4. Setting Exchange Out Of Office Auto-Responder." -ForegroundColor Yellow
    Set-MailboxAutoReplyConfiguration -Identity $Employee.Mail -AutoReplyState enabled -ExternalAudience all -InternalMessage "Dear, I have left $($EmployeeDetails.company) since $LeaveDate. You can contact my colleague $($BackUpDetails.name) via e-mail: $($BackUpDetails.mail) or telephone: $($BackUpDetails.officephone)." -ExternalMessage "Dear, I have left $($EmployeeDetails.company) since $LeaveDate. You can contact my colleague $($BackUpDetails.name) via e-mail: $($BackUpDetails.mail) or telephone: $($BackUpDetails.officephone)."
Write-Host "Step 5. Convert to a shared mailbox"
Set-Mailbox $EmployeeDetails.Mail -Type shared
Write-Host "Step 6. Revoke O365 Licenses"
if ($License -Match "<tenant>:STANDARDPACK")
{
    Set-MsolUserLicense -Identity $EmployeeDetails.Mail -RemoveLicenses "<tenant>:STANDARDPACK"
}
Else
{
    Set-MsolUserLicense -Identity $EmployeeDetails.Mail -RemoveLicenses "<tenant>:ENTERPRISEPACK"
}
Write-Host "Step 7. Give users rights on shared mailbox"
Write-Host "Write username for Full Access"
Add-MailboxPermission $EmployeeDetails.Mail -User $BackUp -AccessRights FullAccess
Write-Host "Step 8. Hiding $($EmployeeDetails.name) from Global Address lists" -ForegroundColor Yellow
Set-ADUser -identity $Employee -add @{ msExchHideFromAddressLists = "True" }
Set-ADUser -instance $EmployeeDetails -whatif
}else{
write-host " "
write-host "Employee disable request cancelled" -ForegroundColor Yellow
}