PowerShell - Disable AD Account & Enable Out Of Office Reply

PowerShell - Disable AD Account & Enable Out of Office

Here is a nice simple script that admins can run to disable a user account within AD, move the account to the "Disabled Users" OU with the user description stamped with the user account used to run the script and the time & date, set a standardised out of office reply (informing people they have left the company) and removes the user from the global address list in Exchange.

All that is needed is the AD username of the user you wish to disable.

Update - 14/12/2013.

I have added additional functionality to send an email confirmation to the manager of the account you are disabling and added additional informational comments. Extracts of the send mail function were used from http://blogs.msdn.com/b/rkramesh/archive/2012/03/16/sending-email-using-powershell-script.aspx.

# *************************************************************************
# ****** Disable Active Directory User Account & Set Out Of Office PowerShell Script   ******
# ******                                                                                                                 ******
# ****** Created by Maurice Daly on 12/12/2013                                                      ******
# ****** Follow me on Twitter - modaly_it                                                                ******
# ******                                                                                                                 ******
# ****** Updated on 14/12/2013                                                                              ******
# ****** Description updated to use active directory name instead of the username      ******
# ****** Email confirmation now sent to ex-employee's manager                                 ******
# ******                                                                                                                  ******
# ***************************************************************************

# Import Required PS Modules
cls
write-host "Importing Active Directory PS Commandlets"
Import-Module ActiveDirectory
write-host "Importing Exchange Server PS Commandlets"

# Connect to MS Exchange
write-host "Connecting to MS Exchange"
$ExchangeSMTP = "YOURSMTPSERVER"
$ExchangePowerShell = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://YOUREXCHANGESERVER/Powershell
Import-PSSession $ExchangePowerShell
cls
write-host "Disable Active Directory User Account & Enable Out Of Office"
write-host ""

# Get Variables
$DisabledDate = Get-Date
$LeaveDate = Get-Date -Format "dddd dd MMMM yyyy"
$DisabledBy = Get-ADUser "$env:username" -properties Mail
$DisabledByEmail = $DisabledBy.Mail

# Prompt for AD Username
$Employee = read-host "Employee Username"
$EmployeeDetails = Get-ADUser $Employee -properties Mail,Manager
$Manager = Get-ADUser $EmployeeDetails.Manager -Properties Mail
$ManagerEmail = $Manager.Mail

cls
# Prompt for confirmation
write-host "******************** CONFIRM USER DISABLE REQUEST ***********************"
write-host ""
write-host -ForegroundColor Yellow "Please review the Employee details below to ensure you are disabling the correct user account."
Get-ADUser $Employee | fl
$UserDetails = Get-User $Employee
$choice = ""
 while ($choice -notmatch "[y|n]"){
     $choice = read-host "Do you want to continue? (Y/N)"
     }
# Actions
if ($choice -eq "y"){
        cls
        write-host "******************************** DISABLING USER ACCOUNT ********************************"
        write-host ""
        write-host "Step1. Modifying user description for audit purposes" -ForegroundColor Yellow
        Set-ADUser $Employee -Description "Disabled by $($DisabledBy.name) on $DisabledDate"
        write-host "Step2. Disabling $Employee Active Directory Account." -ForegroundColor Yellow
        Disable-ADAccount $Employee
        write-host "Step3. Moving $Employee to the Disabled User Accounts OU." -ForegroundColor Yellow
        write-host ""
        Get-ADUser $Employee | %{move-ADObject $_.DistinguishedName -targetpath 'OU=Disabled User Accounts,DC=YOURDOMAIN,DC=YOURDOMAIN'
        write-host "Waiting 15 seconds for AD & Exchange OU update to complete"
        sleep -Seconds 15
        write-host ""
        write-host "Refreshing Employee Details for Exchange Modification."
        write-host ""
        Get-ADUser $Employee -Properties Description | Format-List Name,Enabled,Description
        write-host "Step 4. Setting Exchange Out Of Office Auto-Responder." -ForegroundColor Yellow
        Set-MailboxAutoReplyConfiguration $Employee -AutoReplyState enabled -ExternalAudience all -InternalMessage "Please note that I no longer work for $($UserDetails.company) as of $LeaveDate." -ExternalMessage "Please note that I no longer work for $($UserDetails.company) as of $LeaveDate."
        write-host "Step 5. Removing $Employee from Exchange Global Address Book." -ForegroundColor Yellow
        Get-Mailbox -Identity $Employee | Set-mailbox -HiddenFromAddressListsEnabled $true
        Write-Host "Step 6. Sending Confirmation E-mail To Employee's Manager." -ForegroundColor Yellow
        $msg = new-object Net.Mail.MailMessage
        $smtp = new-object Net.Mail.SmtpClient($ExchangeSMTP)
        $msg.From = "$($DisabledBy.Mail)"
        $msg.To.Add("$($Manager.Mail)")
        $msg.subject = "IT Notification - Employee Leaver Confirmation"
        $msg.body = "This email is confirm that $($Userdetails.Name)'s account has been disabled. An out of office notification advising that $($Userdetails.Name) has left the company has also been set. Note that the account will be deleted after 30 days."
        $smtp.Send($msg)
                  
      
                }
     }
    
 else {
        write-host ""
        write-host "Employee disable request cancelled" -ForegroundColor Yellow}




Disclaimer - Use this script at your own risk, I accept no responsibility for any issues arising from it.