SHARE
TWEET

Term User Script

a guest Oct 4th, 2017 179 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # Purpose of this script is to manage terminated users in an automated fashion.
  2.  
  3. ## Variables
  4.  
  5. $upnInput = $upn.Text
  6. $NetTerm = $Selections.SelectedItem
  7. $Password = New-RandomComplexPassword
  8. $Today = Get-Date -Format MM/dd/yyyy
  9. $OneDriveLocal = "https://Contoso-my.sharepoint.com/personal/$upnInput" -replace "@Contoso.com","_Contoso_com"
  10.  
  11. ##Code for the gui interface.
  12.  
  13. Add-Type -AssemblyName System.Windows.Forms
  14.  
  15. $Form = New-Object system.Windows.Forms.Form
  16. $Form.Text = "User Termination"
  17. $Form.TopMost = $true
  18. $Form.Width = 354
  19. $Form.Height = 145
  20.  
  21. $upn = New-Object system.windows.Forms.TextBox
  22. $upn.Width = 161
  23. $upn.Height = 20
  24. $upn.location = new-object system.drawing.point(15,45)
  25. $upn.Font = "Microsoft Sans Serif,10"
  26. $Form.controls.Add($upn)
  27.  
  28. $label3 = New-Object system.windows.Forms.Label
  29. $label3.Text = "Username with the @Contoso.com"
  30. $label3.AutoSize = $true
  31. $label3.Width = 25
  32. $label3.Height = 10
  33. $label3.location = new-object system.drawing.point(15,18)
  34. $label3.Font = "Microsoft Sans Serif,10"
  35. $Form.controls.Add($label3)
  36.  
  37. $label4 = New-Object system.windows.Forms.Label
  38. $label4.Text = "Termination Term"
  39. $label4.AutoSize = $true
  40. $label4.Width = 25
  41. $label4.Height = 10
  42. $label4.location = new-object system.drawing.point(205,19)
  43. $label4.Font = "Microsoft Sans Serif,10"
  44. $Form.controls.Add($label4)
  45.  
  46. $selections = New-Object system.windows.Forms.ComboBox
  47. $selections.Text = "Please make a selection"
  48. $selections.Width = 117
  49. $selections.Height = 20
  50. $selections.location = new-object system.drawing.point(204,46)
  51. $selections.Font = "Microsoft Sans Serif,10"
  52. $Form.controls.Add($selections)
  53.  
  54. [void] $selections.Items.Add("Net90")
  55. [void] $selections.Items.Add("Net180")
  56. [void] $selections.Items.Add("Net360")
  57.  
  58. $accept = New-Object system.windows.Forms.Button
  59. $accept.Text = "Accept"
  60. $accept.Width = 60
  61. $accept.Height = 30
  62. $accept.location = new-object system.drawing.point(97,73)
  63. $accept.DialogResult = [System.Windows.Forms.DialogResult]::OK
  64. $accept.Font = "Microsoft Sans Serif,10"
  65. $Form.controls.Add($accept)
  66.  
  67. $cancel = New-Object system.windows.Forms.Button
  68. $cancel.Text = "Cancel"
  69. $cancel.Width = 60
  70. $cancel.Height = 30
  71. $cancel.location = new-object system.drawing.point(176,73)
  72. $cancel.DialogResult = [System.Windows.Forms.DialogResult]::Cancel
  73. $cancel.Font = "Microsoft Sans Serif,10"
  74. $cancel.Add_Click = [System.Enviroment]::Exit(0)
  75.  
  76. $Form.controls.Add($cancel)
  77.  
  78. [void]$Form.ShowDialog()
  79. $Form.Dispose()
  80.  
  81. ## Functions
  82.  
  83. Function New-RandomComplexPassword ($length=20)
  84. {
  85.     $Assembly = Add-Type -AssemblyName System.Web
  86.     $generatepw = [System.Web.Security.Membership]::GeneratePassword($length,2)
  87.     return $generatepw
  88. }
  89.  
  90. ## Add extension for later
  91.  
  92. Set-ADUser -Identity $upnInput -Replace @{extensionAttribute2 = "$NetTerm"}
  93.  
  94. ## Reset password to random password
  95.  
  96. Set-ADAccountPassword -Identity $upnInput -NewPassword $Password
  97.  
  98. ## Checks net extension and moves user to appropriate OU
  99.  
  100. if ((Get-ADUser -Identity $upnInput -Properties * | Select-Object extensionAttribute2) -eq "Net90")
  101. {
  102.     Move-ADObject -Identity $upnInput -TargetPath 'OU=Net90,OU=NotActive,OU=Contoso,DC=Contoso,DC=PRI'
  103.     } elseif ((Get-ADUser -Identity $upnInput -Properties * | Select-Object extensionAttribute2) -eq "Net180") {
  104.         Move-ADObject -Identity $upnInput -TargetPath 'OU=Net180,OU=NotActive,OU=Contoso,DC=Contoso,DC=PRI'
  105.     } else {
  106.         Move-ADObject -Identity $upnInput -TargetPath 'OU=Net360,OU=NotActive,OU=Contoso,DC=Contoso,DC=PRI'
  107. }
  108.  
  109. ## Start eDiscovery to hold all email.
  110.  
  111. $Password = "RandomPasswordTemp" | ConvertTo-SecureString -AsPlainText -Force
  112. $Cred = New-Object System.Management.Automation.PSCredential('AutomationAccount@Contoso.onmicrosoft.com', $Password)
  113. $eDiscoverySession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $Cred -Authentication Basic -AllowRedirection
  114. Import-PSSession $eDiscoverySession
  115.  
  116. New-ComplianceCase -Name "eDiscovery - $upnInput" -Description "This is an eDiscovery Case for user $upnInput starting on $Today."
  117.  
  118. New-CaseHoldPolicy -Name "Hold Case for termed employee $upnInput" -Case "eDiscovery - $upnInput" -ExchangeLocation "$upnInput" -SharePointLocation $OneDriveLocal
  119.  
  120. New-ComplianceSearch -Name "Compliance search for termed user $userInput" -Case "eDiscovery - $upnInput" -ExchangeLocation $upnInput -SharePointLocation $OneDriveLocal
  121.  
  122. Start-Sleep -Seconds 15
  123.  
  124. Start-ComplianceSearch -Identity "Compliance search for termed user $userInput"
  125.  
  126. ## Forward email, change to shared mailbox.
  127.  
  128. $Password = "RandomPasswordTemp" | ConvertTo-SecureString -AsPlainText -Force
  129. $Cred = New-Object System.Management.Automation.PSCredential('AutomationAccount@kContoso.onmicrosoft.com', $Password)
  130. $EXOSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $Cred -Authentication Basic -AllowRedirection
  131. Import-PSSession $EXOSession
  132.  
  133. $managerUPN = Get-ADUser -Identity $upnInput -Properties * | Select-Object @{Name='Manager';Expression={(Get-ADUser $_.Manager).userPrincipalName}}
  134.  
  135. Get-Mailbox -Identity $upnInput | Set-Mailbox -ForwardingAddress $managerUPN -DeliverToMailBoxAndForward $false
  136.  
  137. Set-Mailbox -Identity $upnInput -Type Shared
  138.  
  139. ## Removes license from user
  140.  
  141. $Password = "RandomPasswordTemp" | ConvertTo-SecureString -AsPlainText -Force
  142. $Cred = New-Object System.Management.Automation.PSCredential('AutomationAccount@Contoso.onmicrosoft.com', $Password)
  143. Connect-AzureAD -Credential $Cred
  144.  
  145. $User = Get-AzureAdUser -SearchString $upnInput
  146. $License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
  147. $License.SkuId = "6fd2c87f-b296-42f0-b197-1e91e994b900"
  148. $LicensesToAssign = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
  149. $LicensesToAssign.AddLicenses = @()
  150. $LicensesToAssign.RemoveLicenses = $License.SkuId
  151. Set-AzureADUserLicense -ObjectId $User.ObjectId -AssignedLicenses $LicensesToAssign
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top