PoshCode Archive  Hex Artifact Content

Artifact 560a906bd48c400133412ad19d4757d69c1a7164a2a536c20f69d2cf3732b901:

  • File Remove-Disabled-AD-Users.ps1 — part of check-in [3c2367737c] at 2018-06-10 13:21:27 on branch trunk — This script is a simple one that is meant to be scheduled on a periodic basis (we do it weekly). It looks inthe OU where we put our disabled AD users and removes users that have not logged in (inactive) for 400 days. This allows us to keep terminated employees disabled users for over a year for auditing purposes, but automatically cleans them out once the annual scope has passed. (user: DrDrewl size: 863)

0000: 23 20 65 6e 63 6f 64 69 6e 67 3a 20 61 73 63 69  # encoding: asci
0010: 69 0d 0a 23 20 61 70 69 3a 20 70 6f 77 65 72 73  i..# api: powers
0020: 68 65 6c 6c 0d 0a 23 20 74 69 74 6c 65 3a 20 52  hell..# title: R
0030: 65 6d 6f 76 65 20 44 69 73 61 62 6c 65 64 20 41  emove Disabled A
0040: 44 20 55 73 65 72 73 0d 0a 23 20 64 65 73 63 72  D Users..# descr
0050: 69 70 74 69 6f 6e 3a 20 54 68 69 73 20 73 63 72  iption: This scr
0060: 69 70 74 20 69 73 20 61 20 73 69 6d 70 6c 65 20  ipt is a simple 
0070: 6f 6e 65 20 74 68 61 74 20 69 73 20 6d 65 61 6e  one that is mean
0080: 74 20 74 6f 20 62 65 20 73 63 68 65 64 75 6c 65  t to be schedule
0090: 64 20 6f 6e 20 61 20 70 65 72 69 6f 64 69 63 20  d on a periodic 
00a0: 62 61 73 69 73 20 28 77 65 20 64 6f 20 69 74 20  basis (we do it 
00b0: 77 65 65 6b 6c 79 29 2e 20 49 74 20 6c 6f 6f 6b  weekly). It look
00c0: 73 20 69 6e 74 68 65 20 4f 55 20 77 68 65 72 65  s inthe OU where
00d0: 20 77 65 20 70 75 74 20 6f 75 72 20 64 69 73 61   we put our disa
00e0: 62 6c 65 64 20 41 44 20 75 73 65 72 73 20 61 6e  bled AD users an
00f0: 64 20 72 65 6d 6f 76 65 73 20 75 73 65 72 73 20  d removes users 
0100: 74 68 61 74 20 68 61 76 65 20 6e 6f 74 20 6c 6f  that have not lo
0110: 67 67 65 64 20 69 6e 20 28 69 6e 61 63 74 69 76  gged in (inactiv
0120: 65 29 20 66 6f 72 20 34 30 30 20 64 61 79 73 2e  e) for 400 days.
0130: 20 54 68 69 73 20 61 6c 6c 6f 77 73 20 75 73 20   This allows us 
0140: 74 6f 20 6b 65 65 70 20 74 65 72 6d 69 6e 61 74  to keep terminat
0150: 65 64 20 65 6d 70 6c 6f 79 65 65 73 20 64 69 73  ed employees dis
0160: 61 62 6c 65 64 20 75 73 65 72 73 20 66 6f 72 20  abled users for 
0170: 6f 76 65 72 20 61 20 79 65 61 72 20 66 6f 72 20  over a year for 
0180: 61 75 64 69 74 69 6e 67 20 70 75 72 70 6f 73 65  auditing purpose
0190: 73 2c 20 62 75 74 20 61 75 74 6f 6d 61 74 69 63  s, but automatic
01a0: 61 6c 6c 79 20 63 6c 65 61 6e 73 20 74 68 65 6d  ally cleans them
01b0: 20 6f 75 74 20 6f 6e 63 65 20 74 68 65 20 61 6e   out once the an
01c0: 6e 75 61 6c 20 73 63 6f 70 65 20 68 61 73 20 70  nual scope has p
01d0: 61 73 73 65 64 2e 0d 0a 23 20 76 65 72 73 69 6f  assed...# versio
01e0: 6e 3a 20 34 30 30 2e 30 30 0d 0a 23 20 74 79 70  n: 400.00..# typ
01f0: 65 3a 20 6d 6f 64 75 6c 65 0d 0a 23 20 61 75 74  e: module..# aut
0200: 68 6f 72 3a 20 44 72 44 72 65 77 6c 0d 0a 23 20  hor: DrDrewl..# 
0210: 6c 69 63 65 6e 73 65 3a 20 43 43 30 0d 0a 23 20  license: CC0..# 
0220: 78 2d 70 6f 73 68 63 6f 64 65 2d 69 64 3a 20 33  x-poshcode-id: 3
0230: 31 36 33 0d 0a 23 20 78 2d 61 72 63 68 69 76 65  163..# x-archive
0240: 64 3a 20 32 30 31 36 2d 30 38 2d 31 32 54 31 30  d: 2016-08-12T10
0250: 3a 33 38 3a 32 31 0d 0a 23 20 78 2d 70 75 62 6c  :38:21..# x-publ
0260: 69 73 68 65 64 3a 20 32 30 31 32 2d 30 31 2d 31  ished: 2012-01-1
0270: 33 54 31 32 3a 30 35 3a 30 30 0d 0a 23 0d 0a 23  3T12:05:00..#..#
0280: 0d 0a 69 6d 70 6f 72 74 2d 6d 6f 64 75 6c 65 20  ..import-module 
0290: 41 63 74 69 76 65 44 49 72 65 63 74 6f 72 79 0d  ActiveDIrectory.
02a0: 0a 73 65 61 72 63 68 2d 61 64 61 63 63 6f 75 6e  .search-adaccoun
02b0: 74 20 2d 73 65 61 72 63 68 62 61 73 65 20 22 6f  t -searchbase "o
02c0: 75 3d 55 73 65 72 4f 62 6a 65 63 74 73 50 65 6e  u=UserObjectsPen
02d0: 64 69 6e 67 44 65 6c 65 74 69 6f 6e 2c 44 43 3d  dingDeletion,DC=
02e0: 6d 79 64 6f 6d 61 69 6e 2c 44 43 3d 63 6f 6d 22  mydomain,DC=com"
02f0: 20 2d 41 63 63 6f 75 6e 74 69 6e 61 63 74 69 76   -Accountinactiv
0300: 65 20 2d 54 69 6d 65 73 70 61 6e 20 34 30 30 2e  e -Timespan 400.
0310: 30 30 3a 30 30 3a 30 30 20 7c 20 77 68 65 72 65  00:00:00 | where
0320: 20 7b 24 5f 2e 6f 62 6a 65 63 74 63 6c 61 73 73   {$_.objectclass
0330: 20 2d 65 71 20 27 75 73 65 72 27 7d 20 7c 20 20   -eq 'user'} |  
0340: 72 65 6d 6f 76 65 2d 61 64 75 73 65 72 20 2d 63  remove-aduser -c
0350: 6f 6e 66 69 72 6d 3a 24 66 61 6c 73 65 0d 0a     onfirm:$false..