
DisableUsers

a guest
Jun 13th, 2018
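  <#
      .NOTES
      ===========================================================================
      Created with:  SAPIEN Technologies, Inc., PowerShell Studio 2016 v5.2.128
      Created on:    04/11/2016 21:00
      Created by:    Maurice Daly
      Filename:      DisableUserOffice365.ps1
      ===========================================================================
      .DESCRIPTION
      This script provides a standard off-boarding method for staff leaving
      the company.

      The script does the following;
      1. Disables the specified user account
      2. Updates the user description with the user who disabled the account
         and the time/date when the account was disabled
      3. Moves the account to the disabled user account OU (needs to exist)
      4. Sets an out of office reply stating that the employee has left the company
      5. Disables activesync, pop3, imap etc
      6. Places mail account into legal hold for 7 years (requires Office 365 E3)
      7. Hides the mail account from the GAL
      8. Emails the former employee's manager advising that the account has been disabled

      Review notes on this listing:
      - No statement below places the mailbox on legal hold, so item 6 is not
        carried out by this version of the script.
      - The script also strips the leaver's group memberships, which the list
        above does not mention.
      - DOMAIN and COMPANY in the OU path, SMTP host, sender address and
        auto-reply text are placeholders to be replaced before use.

      Version 1.0
      Initial release

      Use : This script is provided as is and I accept no responsibility for
      any issues arising from its use.

      Twitter : @modaly_it
      Blog : https://modalyitblog.wordpress.com/
  #>

  # Session handles are declared up front so the finally block can always tear
  # them down; otherwise authenticated admin sessions outlive the script.
  $ADPowerShell = $null
  $Office365PowerShell = $null
  $Manager = $null

  try
  {
      Write-Host " **************** PLEASE ENTER ACTIVE DIRECTORY ADMIN CREDENTIALS **************** "
      # USERDOMAIN is the standard Windows variable for the logon domain; the
      # original read $env:DOMAIN, which is not set by default and left the
      # prompt pre-filled with "\username".
      $Credential = Get-Credential -Credential "$env:USERDOMAIN\$env:username"
      # LOGONSERVER has the form \\DCNAME; drop the two leading backslashes.
      $DC = $env:LOGONSERVER.Substring(2)

      # Initiate remote PS session to the local DC. Stop on failure: nothing
      # below can work without it.
      $ADPowerShell = New-PSSession -ComputerName $DC -Authentication Negotiate -Credential $Credential -ErrorAction Stop

      Write-Host "Importing Active Directory PowerShell Commandlets"
      Invoke-Command -Session $ADPowerShell -ScriptBlock { Import-Module ActiveDirectory }
      Import-PSSession -Session $ADPowerShell -Module ActiveDirectory -AllowClobber -ErrorAction Stop
      Clear-Host

      Write-Host "Importing Office 365 PowerShell Commandlets"
      Write-Host -ForegroundColor White -BackgroundColor DarkBlue " **************** PLEASE ENTER OFFICE 365 ADMIN CREDENTIALS **************** "
      $Office365Credential = Get-Credential
      # NOTE(review): Basic authentication cannot satisfy MFA, and Microsoft has
      # retired it for Exchange Online remote PowerShell, so this connection is
      # expected to fail on current tenants. The supported route is
      # Connect-ExchangeOnline from the ExchangeOnlineManagement module, which
      # this script does not load.
      $Office365PowerShell = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $Office365Credential -Authentication Basic -AllowRedirection -ErrorAction Stop
      Import-PSSession $Office365PowerShell
      Clear-Host

      Write-Host " **************** Disable Active Directory User Account & Enable Out Of Office **************** "
      Write-Host " "

      # Values stamped into the audit description and the auto-reply text.
      $DisabledDate = Get-Date
      $LeaveDate = Get-Date -Format "dddd dd MMMM yyyy"
      # NOTE(review): this resolves the logged-on Windows user, not the account
      # entered at the credential prompt, so the "Disabled by" stamp may name a
      # different identity than the one that actually made the change.
      $DisabledBy = Get-ADUser "$env:username"

      # Prompt for AD username and make sure it resolves before offering the
      # operator anything to confirm.
      $Employee = Read-Host "Employee Username"
      if ([string]::IsNullOrWhiteSpace($Employee))
      {
          Write-Host "No username entered - nothing to do." -ForegroundColor Yellow
          return
      }
      try
      {
          $EmployeeDetails = Get-ADUser $Employee -Properties Title, Company, Mail, Created, Manager, PrimaryGroup -ErrorAction Stop
      }
      catch
      {
          Write-Host "Could not find an Active Directory user named '$Employee': $($_.Exception.Message)" -ForegroundColor Red
          return
      }
      if ($null -ne $EmployeeDetails.Manager)
      {
          $Manager = Get-ADUser $EmployeeDetails.Manager -Properties Mail
      }

      Clear-Host

      # Prompt for confirmation
      Write-Host " ******************************** CONFIRM USER DISABLE REQUEST ******************************** "
      Write-Host " "
      Write-Host -ForegroundColor Yellow "Please review the Employee details below to ensure you are disabling the correct user account."
      $EmployeeDetails | Format-List Name, Title, Company, @{ Expression = { $_.Mail }; Label = "Email Address" }, @{ Expression = { $_.Created }; Label = "Employment Started" }

      # Accept exactly "y" or "n" (any case). The original pattern "[y|n]" was
      # unanchored and also matched "|" or any word containing a y or an n.
      $choice = " "
      while ($choice -notmatch '^[yn]$')
      {
          $choice = Read-Host "Do you want to continue? (Y/N)"
      }

      # Actions
      if ($choice -eq "y")
      {
          Clear-Host
          Write-Host " ******************************** DISABLING USER ACCOUNT ******************************** "
          Write-Host " "
          Write-Host "Step1. Modifying user description for audit purposes" -ForegroundColor Yellow
          Set-ADUser $Employee -Description "Disabled by $($DisabledBy.Name) on $DisabledDate"

          Write-Host "Step2. Disabling $Employee Active Directory Account." -ForegroundColor Yellow
          # Stop here if the disable fails, so the manager is never told an
          # account is disabled when it is not.
          Disable-ADAccount $Employee -ErrorAction Stop
          # NOTE(review): the disable reaches Office 365 only after directory
          # synchronisation, and sessions already signed in may persist until
          # their tokens expire; revoke them separately if that matters.

          # The original passed an undefined $ADgroups here, so no membership
          # was ever removed. Enumerate the leaver's groups instead, skipping
          # the primary group, which cannot be removed this way.
          $GroupDNs = @(Get-ADPrincipalGroupMembership -Identity $Employee |
              Where-Object { $_.DistinguishedName -ne $EmployeeDetails.PrimaryGroup } |
              Select-Object -ExpandProperty DistinguishedName)
          if ($GroupDNs.Count -gt 0)
          {
              # Echo the list so the operator has a record of what was stripped.
              Write-Host "Removing $Employee from the following groups:"
              $GroupDNs | ForEach-Object { Write-Host "  $_" }
              Remove-ADPrincipalGroupMembership -Identity $Employee -MemberOf $GroupDNs -Confirm:$false
          }

          Write-Host "Step3. Moving $Employee to the Disabled User Accounts OU." -ForegroundColor Yellow
          Write-Host " "
          Move-ADObject -Identity $EmployeeDetails.DistinguishedName -TargetPath "OU=Disabled Users,DC=DOMAIN,DC=local"
          Write-Host "Waiting 5 seconds for AD & Exchange OU update to complete"
          Start-Sleep -Seconds 5
          Write-Host " "
          Write-Host "Refreshing Employee Details for Exchange Modification."
          Write-Host " "
          Get-ADUser $Employee -Properties Description | Format-List Name, Enabled, Description

          Write-Host "Step 4. Setting Exchange Out Of Office Auto-Responder." -ForegroundColor Yellow
          Set-MailboxAutoReplyConfiguration -Identity $EmployeeDetails.Mail -AutoReplyState enabled -ExternalAudience all -InternalMessage "Please note that I no longer work for COMPANY as of $LeaveDate." -ExternalMessage "Please note that I no longer work for COMPANY as of $LeaveDate."

          # The original message interpolated $User, which is never assigned.
          Write-Host "Step 5. Disabling POP,IMAP, OWA and ActiveSync access for $Employee" -ForegroundColor Yellow
          Set-CasMailbox -Identity $EmployeeDetails.Mail -OWAEnabled $false -POPEnabled $false -ImapEnabled $false -ActiveSyncEnabled $false

          Write-Host "Step 6. Hiding $($EmployeeDetails.Name) from Global Address lists" -ForegroundColor Yellow
          # -Replace succeeds whether or not the attribute already holds a
          # value; -Add fails on a second run. The trailing
          # "Set-ADUser -Instance ... -WhatIf" was a no-op and is dropped.
          Set-ADUser -Identity $Employee -Replace @{ msExchHideFromAddressLists = $true }

          if ($Manager.Mail -like "*@*")
          {
              Write-Host "Step 7. Sending Confirmation E-mail To Employee's Manager." -ForegroundColor Yellow
              $msg = New-Object Net.Mail.MailMessage
              # NOTE(review): the message is submitted without requiring TLS;
              # consider $smtp.EnableSsl = $true if the relay supports STARTTLS.
              $smtp = New-Object Net.Mail.SmtpClient("DOMAIN.mail.protection.outlook.com")
              try
              {
                  $msg.From = "itservicedesk@COMPANY.com"
                  $msg.To.Add("$($Manager.Mail)")
                  $msg.Subject = "IT Notification - Employee Leaving Confirmation"
                  $msg.Body = "This email is confirm that $($EmployeeDetails.Name)'s account has been disabled. An out of office notification advising that $($EmployeeDetails.Name) has left the company has also been set. Note that the account will be deleted after 30 days. Should you require access to $($EmployeeDetails.Name) email account or personal drive, please contact the IT Service Desk."
                  $smtp.Send($msg)
              }
              finally
              {
                  $msg.Dispose()
              }
          }
      }
      else
      {
          Write-Host " "
          Write-Host "Employee disable request canceled" -ForegroundColor Yellow
      }
  }
  finally
  {
      # Close both remote sessions on every exit path so the admin logons do
      # not stay open after the script ends.
      foreach ($Session in @($Office365PowerShell, $ADPowerShell))
      {
          if ($null -ne $Session)
          {
              Remove-PSSession -Session $Session
          }
      }
  }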