# encoding: utf-8 # api: powershell # title: User Termination Script # description: The script below has 3 different components & was designed for use by our Service Desk. When a user is terminated, the script will remove them from Lync, remove all mailbox information (forwarding rules etc) in Exchange 2010, disable Ad object, remove group membership & move to “Disabled Users” OU. # version: 0.1 # type: module # author: David Woods # license: CC0 # x-poshcode-id: 4990 # x-archived: 2016-04-23T15:25:51 # x-published: 2016-03-17T00:20:00 # # $blnCheckSnappin = Get-PSSnapin | where {$_.Name -eq "microsoft.exchange.management.powershell.e2010"} if ($blnCheckSnappin -eq $null) { add-pssnapin "microsoft.exchange.management.powershell.e2010" -ErrorVariable errSnapin ; . $env:ExchangeInstallPath\bin\RemoteExchange-mod.ps1 Connect-ExchangeServer -Server -allowclobber } Import-Module "$env:programfiles\Common Files\Microsoft Lync Server 2010\Modules\Lync\Lync.psd1" Import-Module ActiveDirectory function terminateUser { $strMsg1 = "" $strMsg2 = "" $strMsg3 = "" $strMsg4 = "" $strMsg5 = "" $strUserID = $args[0] try { $blnUserExists = get-aduser $strUserID } catch { } if($blnUserExists) { $strMsg3 += "`r`n` " $strMsg3 += "Are you sure you wish to continue? (Y/N) `r`n` " $strMsg3 += "`r`n` " $strContinue = read-host $strMsg3 if($strContinue -eq "Y") { $strRunLog = "$strRunDir\Logs\$strUserID-log-$strDate.txt" $arrAttachments = @($strRunLog) start-transcript -path $strRunLog | Out-null # This section will remove the Lync account `r`n` " Disable-CSuser -identity $strUserID # This section will disable the Exchange account `r`n` " Get-InboxRule -Mailbox $strUserID | Remove-InboxRule -Confirm:$false -Force Set-CASMailbox -Identity $strUserID -ActiveSyncEnabled:$False -OWAEnabled:$False Get-ActiveSyncDevice Mailbox $strUserID | Remove-ActiveSyncDevice -Confirm:$False Set-mailbox -Identity $strUserID -HiddenFromAddressListsEnabled:$true -ForwardingAddress $Null # This section will move & disable the AD object account `r`n` " Get-ADPrincipalGroupMembership -Identity $strUserID | Select-object name | format-table Get-ADPrincipalGroupMembership -Identity $strUserID | Where {$_.Name -ne "Domain Users"} | ForEach-Object {Remove-ADPrincipalGroupMembership -Identity $strUserID -MemberOf $_.SamAccountName -Confirm:$False} Set-ADuser -identity $strUserID -Manager $Null Disable-ADAccount -identity $strUserID Get-ADUser -identity $strUserID | Move-ADobject -TargetPath "OU=Disabled,OU=Users,OU=Client,DC=YOURCOMPANY,DC=com,DC=au" $strMsg4 += "`r`n` " $strMsg4 += "The Termination script for",$strUserID,"has completed. `r`n` " $strMsg4 += " `r`n` " $strMsg4 += "A log of the session can be located at: $strRunLog. `r`n` " $strMsg4 += "`r`n` " Write-host $strMsg4 $strSubject = "Account Termination Log - $strUserID - Operation Successful" stop-transcript | Out-null start-process notepad.exe $strRunLog send-MailMessage -SmtpServer $strSMTPserver -To $arrRecipient -From $strFrom -Subject $strSubject -attachments $arrAttachments -Priority high $strMsg5 += "`r`n` " $strMsg5 += "User account terminated. Do you wish to terminate another account? (Y/N) `r`n` " $strMsg5 += "`r`n` " $strMsg5 += "`r`n` " $strContinue = read-host $strMsg5 if($strContinue -eq "Y") { enterUser } else { [System.Windows.Forms.MessageBox]::Show("Exiting Script. ","Status") } } else { [System.Windows.Forms.MessageBox]::Show("Exiting Script. ","Status") } } else { [System.Windows.Forms.MessageBox]::Show("ERROR. $strUserID does not exist in AD. Exiting script. ","Status") } } function enterUser { $strMsg2 += "`r`n` " $strMsg2 += "Please enter the user's AD Account Below: `r`n` " $strMsg2 += "`r`n` " $strUserID = read-host $strMsg2 $strUserID = $strUserID.Trim() terminateUser $strUserID } [console]::ForegroundColor = "yellow" # User Termination Process Script for # # Created by EBS Platforms Team - 2014 # # Script will read in userid & output results to a text file # EXAMPLE: UserTermination.ps1 # # This script will accomplish the following: # A) Disable Lync Account (Lync 2010) # B) Remove Inbox Rules (Exchange 2010) # C) Remove all Mail Forwarding Rules (Exchange 2010) # D) Hide email address from Exchange Address Lists (Exchange 2010) # E) Remove Group Membership (including DL) from AD object (Active Directory) # F) Remove Manager Field from AD object (Active Directory) # G) Disable Account (Active Directory) # H) Move disabled AD object to Disabled OU # # Ask for userid & query if action is correct [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms") | Out-null # # Declare variables # $StrInvocation = (Get-Variable MyInvocation).Value $strRunDir = Split-Path $StrInvocation.MyCommand.Path $strDate = get-date -format "dd-MMM-yyyy-HHmm" $blnUserExists = $false $strUserID = "" $strSMTPserver = "" $strFrom = "" $arrRecipient = @("") $strSubject = "" $strDebug = "" $strOperator = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name $strMsg1 += "`r`n` " $strMsg1 += "User Termination Process Script for `r`n` " $strMsg1 += "`r`n` " $strMsg1 += "Created by EBS Platforms Team - 2014 `r`n` " $strMsg1 += "`r`n` " $strMsg1 += "This script will accomplish the following: `r`n` " $strMsg1 += "`r`n` " $strMsg1 += "1.) Disable Lync Account (Lync 2010) `r`n` " $strMsg1 += "2.) Remove Inbox Rules (Exchange 2010) `r`n` " $strMsg1 += "3.) Remove all Mail Forwarding Rules (Exchange 2010) `r`n` " $strMsg1 += "4.) Hide email address from Exchange Address Lists (Exchange 2010) `r`n` " $strMsg1 += "5.) Remove Group Membership (including DL) from AD object (Active Directory) `r`n` " $strMsg1 += "6.) Remove Manager Field from AD object (Active Directory) `r`n` " $strMsg1 += "7.) Disable Account (Active Directory) `r`n` " $strMsg1 += "8.) Move disabled AD object to Disabled OU `r`n` " write-host $strMsg1 enterUser