I decided to make a Powershell script that takes cares of most of the mouse-clicking out of our off-boarding process. The script is below, feel free to post any comments or questions.
What it does:
Things I will add:
---------------------- Powershell Code ------------------------------
#define variables
#location to CSV file with usernames
$csvFile = "C:\Users\jacoby\Documents\ScriptsandPowershell\terminations.csv"
#location of disabled users OU
$disabledUsersOU = "OU=Disabled Users,DC=internal,DC=mycompany,DC=com"
#location of Exchange connection URI
$ExchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "http://sea-mail-01.internal.mycompany.com/PowerShell"
#email body
$me = $env:username
$date = Get-date -Format "M.d.yyyy"
$description = "By $me + On $date + quit or terminated"
Import-Module ActiveDirectory
#region - Use use this for CSV import
# $users = Import-Csv $csvFile
#endregion
#region - Use this for single user input
# $input = read-host "Enter Username"
# $users = New-Object psobject -Property @{username = $input}
#endregion
$users | ForEach-Object {
# Disable the account
Disable-ADAccount -Identity $_.UserName -Confirm:$false
# Retrieve the user object and MemberOf property
$user = Get-ADUser -Identity $_.UserName -Properties MemberOf
# Set Description
ForEach-Object { Set-ADUser $_.username -Description "$description"}
# Move user object to disabled users OU
$user | Move-ADObject -TargetPath $disabledUsersOU -Confirm:$false
# Remove all group memberships (will leave Domain Users as this is NOT in the MemberOf property returned by Get-ADUser)
foreach ($group in ($user | Select-Object -ExpandProperty MemberOf))
{
Remove-ADGroupMember -Identity $group -Members $user -Confirm:$false
}
switch(get-aduser $user -Properties state | select -ExpandProperty state){
WA {
$vendorcc1 = "vendoremail@none.com"
$vendorcc2 = "vendoremail@none.com, vendoremail@none.com"
}
CA {
$vendorcc1 = "vendoremail@none.com"
$vendorcc2 = "vendoremail@none.com "
}
OR {
$vendorcc1 = "vendoremail@none.com"
$vendorcc2 = "vendoremail@none.com, vendoremail@none.com"
}
AK {
$vendorcc1 = "vendoremail@none.com"
$vendorcc2 = "vendoremail@none.com"
}
}
}
Write-Output "Removing users from Exchange - this may take some time...."
#we're done with AD, this part connects to Exchange and remove the users from ALL groups except "Domain Users" and changes their allowed senders to "Postmaster" only
Import-PSSession $ExchangeSession -AllowClobber
set-mailbox $user.SamAccountName -HiddenFromAddressListsEnabled $true -AcceptMessagesOnlyFrom $Postmaster
Remove-PSSession $ExchangeSession
#that's done, let's send the email
$users | foreach{
$user1 = $_.username
$n = get-aduser $user1 -Properties name, city, state | select name, city, state
$emailbody =@"
<p>Greetings!</p>
<p>The following users have been disabled from systems. This has been processed automatically. </p>
<p>You are receiving this email so you can remove the user from the below systems.</p>
<p> </p>
<p>Name - $($n.name)</p>
<p>Username - $($_.UserName)</p>
<p><strong>Location - $($n.city), $($n.state)</strong></p>
<p> </p>
<p> </p>
<p><strong>You must disable the users in the following systems:</strong></p>
<ul>
<li>vendor1</li>
<li>vendor2</li>
<li>vendor3</li>
<li>vendor4</li>
</ul>
<p><br /><br />A copy of this message has been sent to $vendorcc1 and $vendorcc2. If you are a vendor1 or vendor2, please disable any account associated with the named user.</p>
<p>Lastly, please mark any equipment assigned to this user as returned or available.</p>
<p>Thanks! </p>
"@
$splat = @{
To = "jacob@mycompany.com"
# CC = "helpdesk@mycompany.com"
# BCC = "$vendorcc1, $vendorcc2"
From = "$me@mycompany.com"
Subject = "The user $($n.name), with username $($_.UserName) has been disabled - Action Required"
Body = $emailbody
SmtpServer = "email.mycompany.com"
BodyAsHtml = $true
}
Send-MailMessage @splat}
$total = (get-content $csvFile).count
$truetotal = $total - 1
Write-Host " $truetotal accounts have been processed..." -ForegroundColor Green
pause
Hope you found this useful.
Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.
Comments (0)