I decided to make a Powershell script that takes cares of most of the mouse-clicking out of our off-boarding process. The script is below, feel free to post any comments or questions.
What it does:
Things I will add:
---------------------- Powershell Code ------------------------------
#define variables #location to CSV file with usernames $csvFile = "C:\Users\jacoby\Documents\ScriptsandPowershell\terminations.csv" #location of disabled users OU $disabledUsersOU = "OU=Disabled Users,DC=internal,DC=mycompany,DC=com" #location of Exchange connection URI $ExchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "http://sea-mail-01.internal.mycompany.com/PowerShell" #email body $me = $env:username $date = Get-date -Format "M.d.yyyy" $description = "By $me + On $date + quit or terminated" Import-Module ActiveDirectory #region - Use use this for CSV import # $users = Import-Csv $csvFile #endregion #region - Use this for single user input # $input = read-host "Enter Username" # $users = New-Object psobject -Property @{username = $input} #endregion $users | ForEach-Object { # Disable the account Disable-ADAccount -Identity $_.UserName -Confirm:$false # Retrieve the user object and MemberOf property $user = Get-ADUser -Identity $_.UserName -Properties MemberOf # Set Description ForEach-Object { Set-ADUser $_.username -Description "$description"} # Move user object to disabled users OU $user | Move-ADObject -TargetPath $disabledUsersOU -Confirm:$false # Remove all group memberships (will leave Domain Users as this is NOT in the MemberOf property returned by Get-ADUser) foreach ($group in ($user | Select-Object -ExpandProperty MemberOf)) { Remove-ADGroupMember -Identity $group -Members $user -Confirm:$false } switch(get-aduser $user -Properties state | select -ExpandProperty state){ WA { $vendorcc1 = "vendoremail@none.com" $vendorcc2 = "vendoremail@none.com, vendoremail@none.com" } CA { $vendorcc1 = "vendoremail@none.com" $vendorcc2 = "vendoremail@none.com " } OR { $vendorcc1 = "vendoremail@none.com" $vendorcc2 = "vendoremail@none.com, vendoremail@none.com" } AK { $vendorcc1 = "vendoremail@none.com" $vendorcc2 = "vendoremail@none.com" } } } Write-Output "Removing users from Exchange - this may take some time...." #we're done with AD, this part connects to Exchange and remove the users from ALL groups except "Domain Users" and changes their allowed senders to "Postmaster" only Import-PSSession $ExchangeSession -AllowClobber set-mailbox $user.SamAccountName -HiddenFromAddressListsEnabled $true -AcceptMessagesOnlyFrom $Postmaster Remove-PSSession $ExchangeSession #that's done, let's send the email $users | foreach{ $user1 = $_.username $n = get-aduser $user1 -Properties name, city, state | select name, city, state $emailbody =@" <p>Greetings!</p> <p>The following users have been disabled from systems. This has been processed automatically. </p> <p>You are receiving this email so you can remove the user from the below systems.</p> <p> </p> <p>Name - $($n.name)</p> <p>Username - $($_.UserName)</p> <p><strong>Location - $($n.city), $($n.state)</strong></p> <p> </p> <p> </p> <p><strong>You must disable the users in the following systems:</strong></p> <ul> <li>vendor1</li> <li>vendor2</li> <li>vendor3</li> <li>vendor4</li> </ul> <p><br /><br />A copy of this message has been sent to $vendorcc1 and $vendorcc2. If you are a vendor1 or vendor2, please disable any account associated with the named user.</p> <p>Lastly, please mark any equipment assigned to this user as returned or available.</p> <p>Thanks! </p> "@ $splat = @{ To = "jacob@mycompany.com" # CC = "helpdesk@mycompany.com" # BCC = "$vendorcc1, $vendorcc2" From = "$me@mycompany.com" Subject = "The user $($n.name), with username $($_.UserName) has been disabled - Action Required" Body = $emailbody SmtpServer = "email.mycompany.com" BodyAsHtml = $true } Send-MailMessage @splat} $total = (get-content $csvFile).count $truetotal = $total - 1 Write-Host " $truetotal accounts have been processed..." -ForegroundColor Green pause
Hope you found this useful.
Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.
Comments (0)