Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Purpose of this script is to manage terminated users in an automated fashion.
- ## Variables
- $upnInput = $upn.Text
- $NetTerm = $Selections.SelectedItem
- $Password = New-RandomComplexPassword
- $Today = Get-Date -Format MM/dd/yyyy
- $OneDriveLocal = "https://Contoso-my.sharepoint.com/personal/$upnInput" -replace "@Contoso.com","_Contoso_com"
- ##Code for the gui interface.
- Add-Type -AssemblyName System.Windows.Forms
- $Form = New-Object system.Windows.Forms.Form
- $Form.Text = "User Termination"
- $Form.TopMost = $true
- $Form.Width = 354
- $Form.Height = 145
- $upn = New-Object system.windows.Forms.TextBox
- $upn.Width = 161
- $upn.Height = 20
- $upn.location = new-object system.drawing.point(15,45)
- $upn.Font = "Microsoft Sans Serif,10"
- $Form.controls.Add($upn)
- $label3 = New-Object system.windows.Forms.Label
- $label3.Text = "Username with the @Contoso.com"
- $label3.AutoSize = $true
- $label3.Width = 25
- $label3.Height = 10
- $label3.location = new-object system.drawing.point(15,18)
- $label3.Font = "Microsoft Sans Serif,10"
- $Form.controls.Add($label3)
- $label4 = New-Object system.windows.Forms.Label
- $label4.Text = "Termination Term"
- $label4.AutoSize = $true
- $label4.Width = 25
- $label4.Height = 10
- $label4.location = new-object system.drawing.point(205,19)
- $label4.Font = "Microsoft Sans Serif,10"
- $Form.controls.Add($label4)
- $selections = New-Object system.windows.Forms.ComboBox
- $selections.Text = "Please make a selection"
- $selections.Width = 117
- $selections.Height = 20
- $selections.location = new-object system.drawing.point(204,46)
- $selections.Font = "Microsoft Sans Serif,10"
- $Form.controls.Add($selections)
- [void] $selections.Items.Add("Net90")
- [void] $selections.Items.Add("Net180")
- [void] $selections.Items.Add("Net360")
- $accept = New-Object system.windows.Forms.Button
- $accept.Text = "Accept"
- $accept.Width = 60
- $accept.Height = 30
- $accept.location = new-object system.drawing.point(97,73)
- $accept.DialogResult = [System.Windows.Forms.DialogResult]::OK
- $accept.Font = "Microsoft Sans Serif,10"
- $Form.controls.Add($accept)
- $cancel = New-Object system.windows.Forms.Button
- $cancel.Text = "Cancel"
- $cancel.Width = 60
- $cancel.Height = 30
- $cancel.location = new-object system.drawing.point(176,73)
- $cancel.DialogResult = [System.Windows.Forms.DialogResult]::Cancel
- $cancel.Font = "Microsoft Sans Serif,10"
- $cancel.Add_Click = [System.Enviroment]::Exit(0)
- $Form.controls.Add($cancel)
- [void]$Form.ShowDialog()
- $Form.Dispose()
- ## Functions
- Function New-RandomComplexPassword ($length=20)
- {
- $Assembly = Add-Type -AssemblyName System.Web
- $generatepw = [System.Web.Security.Membership]::GeneratePassword($length,2)
- return $generatepw
- }
- ## Add extension for later
- Set-ADUser -Identity $upnInput -Replace @{extensionAttribute2 = "$NetTerm"}
- ## Reset password to random password
- Set-ADAccountPassword -Identity $upnInput -NewPassword $Password
- ## Checks net extension and moves user to appropriate OU
- if ((Get-ADUser -Identity $upnInput -Properties * | Select-Object extensionAttribute2) -eq "Net90")
- {
- Move-ADObject -Identity $upnInput -TargetPath 'OU=Net90,OU=NotActive,OU=Contoso,DC=Contoso,DC=PRI'
- } elseif ((Get-ADUser -Identity $upnInput -Properties * | Select-Object extensionAttribute2) -eq "Net180") {
- Move-ADObject -Identity $upnInput -TargetPath 'OU=Net180,OU=NotActive,OU=Contoso,DC=Contoso,DC=PRI'
- } else {
- Move-ADObject -Identity $upnInput -TargetPath 'OU=Net360,OU=NotActive,OU=Contoso,DC=Contoso,DC=PRI'
- }
- ## Start eDiscovery to hold all email.
- $Password = "RandomPasswordTemp" | ConvertTo-SecureString -AsPlainText -Force
- $Cred = New-Object System.Management.Automation.PSCredential('AutomationAccount@Contoso.onmicrosoft.com', $Password)
- $eDiscoverySession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $Cred -Authentication Basic -AllowRedirection
- Import-PSSession $eDiscoverySession
- New-ComplianceCase -Name "eDiscovery - $upnInput" -Description "This is an eDiscovery Case for user $upnInput starting on $Today."
- New-CaseHoldPolicy -Name "Hold Case for termed employee $upnInput" -Case "eDiscovery - $upnInput" -ExchangeLocation "$upnInput" -SharePointLocation $OneDriveLocal
- New-ComplianceSearch -Name "Compliance search for termed user $userInput" -Case "eDiscovery - $upnInput" -ExchangeLocation $upnInput -SharePointLocation $OneDriveLocal
- Start-Sleep -Seconds 15
- Start-ComplianceSearch -Identity "Compliance search for termed user $userInput"
- ## Forward email, change to shared mailbox.
- $Password = "RandomPasswordTemp" | ConvertTo-SecureString -AsPlainText -Force
- $Cred = New-Object System.Management.Automation.PSCredential('AutomationAccount@kContoso.onmicrosoft.com', $Password)
- $EXOSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $Cred -Authentication Basic -AllowRedirection
- Import-PSSession $EXOSession
- $managerUPN = Get-ADUser -Identity $upnInput -Properties * | Select-Object @{Name='Manager';Expression={(Get-ADUser $_.Manager).userPrincipalName}}
- Get-Mailbox -Identity $upnInput | Set-Mailbox -ForwardingAddress $managerUPN -DeliverToMailBoxAndForward $false
- Set-Mailbox -Identity $upnInput -Type Shared
- ## Removes license from user
- $Password = "RandomPasswordTemp" | ConvertTo-SecureString -AsPlainText -Force
- $Cred = New-Object System.Management.Automation.PSCredential('AutomationAccount@Contoso.onmicrosoft.com', $Password)
- Connect-AzureAD -Credential $Cred
- $User = Get-AzureAdUser -SearchString $upnInput
- $License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
- $License.SkuId = "6fd2c87f-b296-42f0-b197-1e91e994b900"
- $LicensesToAssign = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
- $LicensesToAssign.AddLicenses = @()
- $LicensesToAssign.RemoveLicenses = $License.SkuId
- Set-AzureADUserLicense -ObjectId $User.ObjectId -AssignedLicenses $LicensesToAssign
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement