Term User Script

# Purpose of this script is to manage terminated users in an automated fashion.

## Variables

$upnInput = $upn.Text
$NetTerm = $Selections.SelectedItem
$Password = New-RandomComplexPassword
$Today = Get-Date -Format MM/dd/yyyy
$OneDriveLocal = "https://Contoso-my.sharepoint.com/personal/$upnInput" -replace "@Contoso.com","_Contoso_com"

##Code for the gui interface.

Add-Type -AssemblyName System.Windows.Forms

$Form = New-Object system.Windows.Forms.Form
$Form.Text = "User Termination"
$Form.TopMost = $true
$Form.Width = 354
$Form.Height = 145

$upn = New-Object system.windows.Forms.TextBox
$upn.Width = 161
$upn.Height = 20
$upn.location = new-object system.drawing.point(15,45)
$upn.Font = "Microsoft Sans Serif,10"
$Form.controls.Add($upn)

$label3 = New-Object system.windows.Forms.Label
$label3.Text = "Username with the @Contoso.com"
$label3.AutoSize = $true
$label3.Width = 25
$label3.Height = 10
$label3.location = new-object system.drawing.point(15,18)
$label3.Font = "Microsoft Sans Serif,10"
$Form.controls.Add($label3)

$label4 = New-Object system.windows.Forms.Label
$label4.Text = "Termination Term"
$label4.AutoSize = $true
$label4.Width = 25
$label4.Height = 10
$label4.location = new-object system.drawing.point(205,19)
$label4.Font = "Microsoft Sans Serif,10"
$Form.controls.Add($label4)

$selections = New-Object system.windows.Forms.ComboBox
$selections.Text = "Please make a selection"
$selections.Width = 117
$selections.Height = 20
$selections.location = new-object system.drawing.point(204,46)
$selections.Font = "Microsoft Sans Serif,10"
$Form.controls.Add($selections)

[void] $selections.Items.Add("Net90")
[void] $selections.Items.Add("Net180")
[void] $selections.Items.Add("Net360")

$accept = New-Object system.windows.Forms.Button
$accept.Text = "Accept"
$accept.Width = 60
$accept.Height = 30
$accept.location = new-object system.drawing.point(97,73)
$accept.DialogResult = [System.Windows.Forms.DialogResult]::OK
$accept.Font = "Microsoft Sans Serif,10"
$Form.controls.Add($accept)

$cancel = New-Object system.windows.Forms.Button
$cancel.Text = "Cancel"
$cancel.Width = 60
$cancel.Height = 30
$cancel.location = new-object system.drawing.point(176,73)
$cancel.DialogResult = [System.Windows.Forms.DialogResult]::Cancel
$cancel.Font = "Microsoft Sans Serif,10"
$cancel.Add_Click = [System.Enviroment]::Exit(0)

$Form.controls.Add($cancel)

[void]$Form.ShowDialog()
$Form.Dispose()

## Functions

Function New-RandomComplexPassword ($length=20)
{
    $Assembly = Add-Type -AssemblyName System.Web
    $generatepw = [System.Web.Security.Membership]::GeneratePassword($length,2)
    return $generatepw
}

## Add extension for later

Set-ADUser -Identity $upnInput -Replace @{extensionAttribute2 = "$NetTerm"}

## Reset password to random password

Set-ADAccountPassword -Identity $upnInput -NewPassword $Password

## Checks net extension and moves user to appropriate OU

if ((Get-ADUser -Identity $upnInput -Properties * | Select-Object extensionAttribute2) -eq "Net90")
{
    Move-ADObject -Identity $upnInput -TargetPath 'OU=Net90,OU=NotActive,OU=Contoso,DC=Contoso,DC=PRI'
    } elseif ((Get-ADUser -Identity $upnInput -Properties * | Select-Object extensionAttribute2) -eq "Net180") {
        Move-ADObject -Identity $upnInput -TargetPath 'OU=Net180,OU=NotActive,OU=Contoso,DC=Contoso,DC=PRI'
    } else {
        Move-ADObject -Identity $upnInput -TargetPath 'OU=Net360,OU=NotActive,OU=Contoso,DC=Contoso,DC=PRI'
}

## Start eDiscovery to hold all email.

$Password = "RandomPasswordTemp" | ConvertTo-SecureString -AsPlainText -Force
$Cred = New-Object System.Management.Automation.PSCredential('AutomationAccount@Contoso.onmicrosoft.com', $Password)
$eDiscoverySession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $Cred -Authentication Basic -AllowRedirection
Import-PSSession $eDiscoverySession

New-ComplianceCase -Name "eDiscovery - $upnInput" -Description "This is an eDiscovery Case for user $upnInput starting on $Today."

New-CaseHoldPolicy -Name "Hold Case for termed employee $upnInput" -Case "eDiscovery - $upnInput" -ExchangeLocation "$upnInput" -SharePointLocation $OneDriveLocal

New-ComplianceSearch -Name "Compliance search for termed user $userInput" -Case "eDiscovery - $upnInput" -ExchangeLocation $upnInput -SharePointLocation $OneDriveLocal

Start-Sleep -Seconds 15

Start-ComplianceSearch -Identity "Compliance search for termed user $userInput"

## Forward email, change to shared mailbox.

$Password = "RandomPasswordTemp" | ConvertTo-SecureString -AsPlainText -Force
$Cred = New-Object System.Management.Automation.PSCredential('AutomationAccount@kContoso.onmicrosoft.com', $Password)
$EXOSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $Cred -Authentication Basic -AllowRedirection
Import-PSSession $EXOSession

$managerUPN = Get-ADUser -Identity $upnInput -Properties * | Select-Object @{Name='Manager';Expression={(Get-ADUser $_.Manager).userPrincipalName}}

Get-Mailbox -Identity $upnInput | Set-Mailbox -ForwardingAddress $managerUPN -DeliverToMailBoxAndForward $false

Set-Mailbox -Identity $upnInput -Type Shared

## Removes license from user

$Password = "RandomPasswordTemp" | ConvertTo-SecureString -AsPlainText -Force
$Cred = New-Object System.Management.Automation.PSCredential('AutomationAccount@Contoso.onmicrosoft.com', $Password)
Connect-AzureAD -Credential $Cred

$User = Get-AzureAdUser -SearchString $upnInput
$License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
$License.SkuId = "6fd2c87f-b296-42f0-b197-1e91e994b900"
$LicensesToAssign = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
$LicensesToAssign.AddLicenses = @()
$LicensesToAssign.RemoveLicenses = $License.SkuId
Set-AzureADUserLicense -ObjectId $User.ObjectId -AssignedLicenses $LicensesToAssign