Blog Move

Just letting you all know, I have recently moved my blogs across to my new blogging site - http://modalyitblog.wordpress.com/

PowerShell - Disable AD Account & Enable Out Of Office Reply

PowerShell - Disable AD Account & Enable Out of Office

Here is a nice simple script that admins can run to disable a user account within AD, move the account to the "Disabled Users" OU with the user description stamped with the user account used to run the script and the time & date, set a standardised out of office reply (informing people they have left the company) and removes the user from the global address list in Exchange.

All that is needed is the AD username of the user you wish to disable.

Update - 14/12/2013.

I have added additional functionality to send an email confirmation to the manager of the account you are disabling and added additional informational comments. Extracts of the send mail function were used from http://blogs.msdn.com/b/rkramesh/archive/2012/03/16/sending-email-using-powershell-script.aspx.

# *************************************************************************
# ****** Disable Active Directory User Account & Set Out Of Office PowerShell Script   ******
# ******                                                                                                                 ******
# ****** Created by Maurice Daly on 12/12/2013                                                      ******
# ****** Follow me on Twitter - modaly_it                                                                ******
# ******                                                                                                                 ******
# ****** Updated on 14/12/2013                                                                              ******
# ****** Description updated to use active directory name instead of the username      ******
# ****** Email confirmation now sent to ex-employee's manager                                 ******
# ******                                                                                                                  ******
# ***************************************************************************

# Import Required PS Modules
cls
write-host "Importing Active Directory PS Commandlets"
Import-Module ActiveDirectory
write-host "Importing Exchange Server PS Commandlets"

# Connect to MS Exchange
write-host "Connecting to MS Exchange"
$ExchangeSMTP = "YOURSMTPSERVER"
$ExchangePowerShell = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://YOUREXCHANGESERVER/Powershell
Import-PSSession $ExchangePowerShell
cls
write-host "Disable Active Directory User Account & Enable Out Of Office"
write-host ""

# Get Variables
$DisabledDate = Get-Date
$LeaveDate = Get-Date -Format "dddd dd MMMM yyyy"
$DisabledBy = Get-ADUser "$env:username" -properties Mail
$DisabledByEmail = $DisabledBy.Mail

# Prompt for AD Username
$Employee = read-host "Employee Username"
$EmployeeDetails = Get-ADUser $Employee -properties Mail,Manager
$Manager = Get-ADUser $EmployeeDetails.Manager -Properties Mail
$ManagerEmail = $Manager.Mail

cls
# Prompt for confirmation
write-host "******************** CONFIRM USER DISABLE REQUEST ***********************"
write-host ""
write-host -ForegroundColor Yellow "Please review the Employee details below to ensure you are disabling the correct user account."
Get-ADUser $Employee | fl
$UserDetails = Get-User $Employee
$choice = ""
 while ($choice -notmatch "[y|n]"){
     $choice = read-host "Do you want to continue? (Y/N)"
     }
# Actions
if ($choice -eq "y"){
        cls
        write-host "******************************** DISABLING USER ACCOUNT ********************************"
        write-host ""
        write-host "Step1. Modifying user description for audit purposes" -ForegroundColor Yellow
        Set-ADUser $Employee -Description "Disabled by $($DisabledBy.name) on $DisabledDate"
        write-host "Step2. Disabling $Employee Active Directory Account." -ForegroundColor Yellow
        Disable-ADAccount $Employee
        write-host "Step3. Moving $Employee to the Disabled User Accounts OU." -ForegroundColor Yellow
        write-host ""
        Get-ADUser $Employee | %{move-ADObject $_.DistinguishedName -targetpath 'OU=Disabled User Accounts,DC=YOURDOMAIN,DC=YOURDOMAIN'
        write-host "Waiting 15 seconds for AD & Exchange OU update to complete"
        sleep -Seconds 15
        write-host ""
        write-host "Refreshing Employee Details for Exchange Modification."
        write-host ""
        Get-ADUser $Employee -Properties Description | Format-List Name,Enabled,Description
        write-host "Step 4. Setting Exchange Out Of Office Auto-Responder." -ForegroundColor Yellow
        Set-MailboxAutoReplyConfiguration $Employee -AutoReplyState enabled -ExternalAudience all -InternalMessage "Please note that I no longer work for $($UserDetails.company) as of $LeaveDate." -ExternalMessage "Please note that I no longer work for $($UserDetails.company) as of $LeaveDate."
        write-host "Step 5. Removing $Employee from Exchange Global Address Book." -ForegroundColor Yellow
        Get-Mailbox -Identity $Employee | Set-mailbox -HiddenFromAddressListsEnabled $true
        Write-Host "Step 6. Sending Confirmation E-mail To Employee's Manager." -ForegroundColor Yellow
        $msg = new-object Net.Mail.MailMessage
        $smtp = new-object Net.Mail.SmtpClient($ExchangeSMTP)
        $msg.From = "$($DisabledBy.Mail)"
        $msg.To.Add("$($Manager.Mail)")
        $msg.subject = "IT Notification - Employee Leaver Confirmation"
        $msg.body = "This email is confirm that $($Userdetails.Name)'s account has been disabled. An out of office notification advising that $($Userdetails.Name) has left the company has also been set. Note that the account will be deleted after 30 days."
        $smtp.Send($msg)
                  
      
                }
     }
    
 else {
        write-host ""
        write-host "Employee disable request cancelled" -ForegroundColor Yellow}




Disclaimer - Use this script at your own risk, I accept no responsibility for any issues arising from it. 

 

Book Review - Hyper-V Replica Essentials

E-Book Review: Hyper-V Replica Essentials

Language : English
Release Date : October 2013
ISBN : 1782171886
ISBN 13 : 9781782171881
Author(s) : Vangel Krstevski

URL : http://bit.ly/1aDezz9

I was recently asked to review a new publication for Packt Publishing which focuses purely on one of the most talked about features in Windows 2012 server - Hyper-V Replica.

Hyper-V Replica Essentials is one of the first publications to focus specifically on the Hyper-V replica role alone, which probably is a good thing given that for most businesses in the SME sector will be looking to make this feature part of their disaster recovery / business continuity plan.

The author Vangel Krstevski has produced this step by step guide (96 pages in total) with one aim, to provide you the reader with a basic understanding of the technologies covered and to provide a means to setup a highly available Hyper-V cluster with disaster recovery. The book commences with an overview of virtualisation and Microsoft’s real entry into the virtualisation game with Windows Server 2008 R2 before swiftly moving on to Windows Server 2012 Hyper-V Replica.

The Good Points

The author has opted to take the reader through the entire process of establishing a functional environment up with step by step screen shots of the installation procedures and provides basic architectural diagrams. Going down this route ensures that even junior administrators and server engineers who are unfamiliar with scripting everything through PowerShell can produce a basic deployment that in theory, just works.

I found the book to be structured well and easy to read, the inclusion of screenshots ensures that a visual reference point accompanies your build. Chapters 3 & 5 provide even the most sceptical admin/engineer who is more familiar with technologies from other vendors such as VMWare, that administration and failover processes are really that straight forward to test or implement. This provides piece of mind to those making or suggesting a switch in virtualisation platform.

Chapter 4 focuses on setting up the PKI requirements for securing replication which for those of you unfamiliar with certificates is particularly useful whilst the final chapter deals with administration of your clustered highly available, DR enabled environment. External reference links are also provided in the final chapter for those of you who wish to find out more in depth information.

Some Objective Criticism

As previously mentioned the author takes the route of using GUI based procedures for installing the various roles, this is good for the novice user however seasoned administrators are moving more and more towards PowerShell scripting their installations and I believe to omit these commands to be an oversight. One example would be the QOS bandwidth throttling in Hyper-V as this is handled purely through PS commands, vital for those who do not wish to find that their nice new feature has saturated their WAN links as soon as it goes into production.

One other key point missed within the book is around replication of the page file and the serious implications this can have on the Hyper-V replica logs (HRL files). Microsoft recommend that the page file is relocated to a separate VHD for this purpose as the VHD can then be excluded on the replication, however the page file disk must be excluded on the initial VM replication configuration and cannot be implemented retrospectively. http://social.technet.microsoft.com/wiki/contents/articles/12800.hyper-v-virtual-hard-disks-with-paging-files-should-be-excluded-from-replication.aspx

Last of all I believe more detail around NIC roles within Hyper-V and VLAN segregation should have been covered, even at a basic level. Without clear definition networking can be the downfall of any Hyper-V deployment, especially when it gets down to the storage layer.

Conclusion

Hyper-V Replica Essentials provides even novice users with a means to set up and provide their business with a business continuity solution through the free out of the box Hyper-V replica feature in Windows Server 2012.

At the time of writing I would suggest that at €16.14 for the electronic E-Book (which I opted for and found a joy to read on my iPad) provides excellent value for money, especially when you consider a basic Hyper-V training course would cost multiples of this amount. In fact why not use the difference to purchase some additional literature from Packt's extensive book list, for more info visit their website at http://www.packtpub.com.

Finally, I would personally like to see an updated version to cover the updated features of Hyper-V replica in Windows 2012 R2 and potentially address some of the points I have raised above.