PoshCode Archive  Artifact Content

Artifact 15bde69c65f67926867d42bb5bed5467c39309f7fb7490f6421b97ef544b4894:

  • File User-Termination-Script.ps1 — part of check-in [eb75d18dc4] at 2018-06-10 13:48:30 on branch trunk — The script below has 3 different components & was designed for use by our Service Desk. When a user is terminated, the script will remove them from Lync, remove all mailbox information (forwarding rules etc) in Exchange 2010, disable Ad object, remove group membership & move to “Disabled Users” OU. (user: David Woods size: 7416)

# encoding: utf-8
# api: powershell
# title: User Termination Script
# description: The script below has 3 different components & was designed for use by our Service Desk. When a user is terminated, the script will remove them from Lync, remove all mailbox information (forwarding rules etc) in Exchange 2010, disable Ad object, remove group membership & move to “Disabled Users” OU.
# version: 0.1
# type: module
# author: David Woods
# license: CC0
# x-poshcode-id: 4990
# x-archived: 2016-04-23T15:25:51
# x-published: 2016-03-17T00:20:00
#
#
$blnCheckSnappin = Get-PSSnapin | where {$_.Name -eq "microsoft.exchange.management.powershell.e2010"}

if ($blnCheckSnappin -eq $null)
{    
    add-pssnapin "microsoft.exchange.management.powershell.e2010" -ErrorVariable errSnapin ;
    . $env:ExchangeInstallPath\bin\RemoteExchange-mod.ps1
    Connect-ExchangeServer -Server <YourExchangeServer> -allowclobber
}
    
Import-Module "$env:programfiles\Common Files\Microsoft Lync Server 2010\Modules\Lync\Lync.psd1"
Import-Module ActiveDirectory

function terminateUser 
{   

    $strMsg1 = ""
    $strMsg2 = ""
    $strMsg3 = ""
    $strMsg4 = ""
    $strMsg5 = ""
    $strUserID = $args[0]
    
    try
    {
        $blnUserExists = get-aduser $strUserID
    }
    catch
    {

    }    

    if($blnUserExists)
    {
        $strMsg3 += "`r`n` "
    	$strMsg3 += "Are you sure you wish to continue? (Y/N) `r`n` "        
        $strMsg3 += "`r`n` "

        $strContinue = read-host $strMsg3
        
        if($strContinue -eq "Y")
        {   			
            $strRunLog = "$strRunDir\Logs\$strUserID-log-$strDate.txt"
            $arrAttachments = @($strRunLog)
            
            start-transcript -path $strRunLog | Out-null

   			# This section will remove the Lync account `r`n` "
                        
            Disable-CSuser -identity $strUserID 
             
            # This section will disable the Exchange account `r`n` "

            Get-InboxRule -Mailbox $strUserID  | Remove-InboxRule -Confirm:$false -Force        
            Set-CASMailbox -Identity $strUserID -ActiveSyncEnabled:$False -OWAEnabled:$False
            Get-ActiveSyncDevice Mailbox $strUserID | Remove-ActiveSyncDevice -Confirm:$False          
            Set-mailbox -Identity $strUserID -HiddenFromAddressListsEnabled:$true -ForwardingAddress $Null
            
                    
            # This section will move & disable the AD object account `r`n` "
            
            Get-ADPrincipalGroupMembership -Identity $strUserID | Select-object name | format-table
                                     
            Get-ADPrincipalGroupMembership -Identity $strUserID | Where {$_.Name -ne "Domain Users"} | ForEach-Object {Remove-ADPrincipalGroupMembership -Identity $strUserID -MemberOf $_.SamAccountName -Confirm:$False}
            
            Set-ADuser -identity $strUserID -Manager $Null
            Disable-ADAccount -identity $strUserID 
            Get-ADUser -identity $strUserID | Move-ADobject -TargetPath "OU=Disabled,OU=Users,OU=Client,DC=YOURCOMPANY,DC=com,DC=au"                                
            
            $strMsg4 += "`r`n` "    		
            $strMsg4 += "The Termination script for",$strUserID,"has completed. `r`n` "
            $strMsg4 += " `r`n` "
            $strMsg4 += "A log of the session can be located at: $strRunLog. `r`n` "
            $strMsg4 += "`r`n` "    		
            
            Write-host $strMsg4                                                     
            
            $strSubject = "Account Termination Log - $strUserID - Operation Successful"                                             
                        
            stop-transcript | Out-null
            
            start-process notepad.exe $strRunLog
                        
            send-MailMessage -SmtpServer $strSMTPserver -To $arrRecipient -From $strFrom -Subject $strSubject -attachments $arrAttachments -Priority high 
            
            $strMsg5 += "`r`n` "
        	$strMsg5 += "User account terminated. Do you wish to terminate another account? (Y/N) `r`n` "
            $strMsg5 += "`r`n` "
            $strMsg5 += "`r`n` "

            $strContinue = read-host $strMsg5
            
            if($strContinue -eq "Y")
            {
                enterUser
            }
            else
            {
                [System.Windows.Forms.MessageBox]::Show("Exiting Script. ","Status")    
            }                
        }
        else
        {
            [System.Windows.Forms.MessageBox]::Show("Exiting Script. ","Status")  
        }        

    }
    else
    {
        [System.Windows.Forms.MessageBox]::Show("ERROR. $strUserID does not exist in AD. Exiting script. ","Status")  
    }
 }    
 
 function enterUser
 {
 
     $strMsg2 += "`r`n` "
     $strMsg2 += "Please enter the user's AD Account Below: `r`n` "
     $strMsg2 += "`r`n` "
     
     $strUserID = read-host $strMsg2
     $strUserID = $strUserID.Trim()

     terminateUser $strUserID
 }        

[console]::ForegroundColor = "yellow"

# User Termination Process Script for <YourCompany>
# 
# Created by EBS Platforms Team - 2014
#
# Script will read in userid & output results to a text file
# EXAMPLE: UserTermination.ps1
#
# This script will accomplish the following:
#  A) Disable Lync Account (Lync 2010)
#  B) Remove Inbox Rules (Exchange 2010)
#  C) Remove all Mail Forwarding Rules (Exchange 2010)
#  D) Hide email address from Exchange Address Lists (Exchange 2010)
#  E) Remove Group Membership (including DL) from AD object (Active Directory)
#  F) Remove Manager Field from AD object (Active Directory)
#  G) Disable Account (Active Directory)
#  H) Move disabled AD object to Disabled OU
#
# Ask for userid & query if action is correct

[System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms") | Out-null

#
# Declare variables
#

$StrInvocation = (Get-Variable MyInvocation).Value
$strRunDir = Split-Path $StrInvocation.MyCommand.Path
$strDate = get-date -format "dd-MMM-yyyy-HHmm"
$blnUserExists = $false
$strUserID = ""
$strSMTPserver = "<YourMailServer>"  
$strFrom = "<YourAddress>"    
$arrRecipient = @("<YourRecipients>")
$strSubject = ""
$strDebug = ""
$strOperator = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

$strMsg1 += "`r`n` "
$strMsg1 += "User Termination Process Script for <YourCompany> `r`n` "
$strMsg1 += "`r`n` "
$strMsg1 += "Created by EBS Platforms Team - 2014 `r`n` "
$strMsg1 += "`r`n` "
$strMsg1 += "This script will accomplish the following: `r`n` "
$strMsg1 += "`r`n` "
$strMsg1 += "1.) Disable Lync Account (Lync 2010) `r`n` "
$strMsg1 += "2.) Remove Inbox Rules (Exchange 2010) `r`n` "
$strMsg1 += "3.) Remove all Mail Forwarding Rules (Exchange 2010) `r`n` "
$strMsg1 += "4.) Hide email address from Exchange Address Lists (Exchange 2010) `r`n` "
$strMsg1 += "5.) Remove Group Membership (including DL) from AD object (Active Directory) `r`n` "
$strMsg1 += "6.) Remove Manager Field from AD object (Active Directory) `r`n` "
$strMsg1 += "7.) Disable Account (Active Directory) `r`n` "
$strMsg1 += "8.) Move disabled AD object to Disabled OU `r`n` "

write-host $strMsg1

enterUser