PowerShell - Disable AD Account & Enable Out of Office
Here is a simple script that admins can run to disable a user account in AD. It moves the account to the "Disabled Users" OU, stamps the user description with the account that ran the script and the time and date, sets a standardised out of office reply (informing people that the user has left the company) and removes the user from the global address list in Exchange.
All that is needed is the AD username of the user you wish to disable.
Update - 14/12/2013.
I have added additional functionality to send an email confirmation to the manager of the account you are disabling and added additional informational comments. Extracts of the send mail function were used from http://blogs.msdn.com/b/rkramesh/archive/2012/03/16/sending-email-using-powershell-script.aspx.
# *************************************************************************
# ****** Disable Active Directory User Account & Set Out Of Office PowerShell Script ******
# ****** ******
# ****** Created by Maurice Daly on 12/12/2013 ******
# ****** Follow me on Twitter - modaly_it ******
# ****** ******
# ****** Updated on 14/12/2013 ******
# ****** Description updated to use active directory name instead of the username ******
# ****** Email confirmation now sent to ex-employee's manager ******
# ****** ******
# ***************************************************************************
# Import Required PS Modules
cls
write-host "Importing Active Directory PS Commandlets"
Import-Module ActiveDirectory
write-host "Importing Exchange Server PS Commandlets"
# Connect to MS Exchange
write-host "Connecting to MS Exchange"
$ExchangeSMTP = "YOURSMTPSERVER"
$ExchangePowerShell = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://YOUREXCHANGESERVER/Powershell
Import-PSSession $ExchangePowerShell
cls
write-host "Disable Active Directory User Account & Enable Out Of Office"
write-host ""
# Get Variables
$DisabledDate = Get-Date
$LeaveDate = Get-Date -Format "dddd dd MMMM yyyy"
$DisabledBy = Get-ADUser "$env:username" -properties Mail
$DisabledByEmail = $DisabledBy.Mail
# Prompt for AD Username
$Employee = read-host "Employee Username"
$EmployeeDetails = Get-ADUser $Employee -properties Mail,Manager
$Manager = Get-ADUser $EmployeeDetails.Manager -Properties Mail
$ManagerEmail = $Manager.Mail
cls
# Prompt for confirmation
write-host "******************** CONFIRM USER DISABLE REQUEST ***********************"
write-host ""
write-host -ForegroundColor Yellow "Please review the Employee details below to ensure you are disabling the correct user account."
Get-ADUser $Employee | fl
$UserDetails = Get-User $Employee
$choice = ""
# Accept only a single "y" or "n" (case-insensitive); anything else re-prompts
while ($choice -notmatch "^[yn]$"){
$choice = read-host "Do you want to continue? (Y/N)"
}
# Actions
if ($choice -eq "y"){
cls
write-host "******************************** DISABLING USER ACCOUNT ********************************"
write-host ""
write-host "Step 1. Modifying user description for audit purposes" -ForegroundColor Yellow
Set-ADUser $Employee -Description "Disabled by $($DisabledBy.name) on $DisabledDate"
write-host "Step 2. Disabling $Employee Active Directory Account." -ForegroundColor Yellow
Disable-ADAccount $Employee
write-host "Step 3. Moving $Employee to the Disabled User Accounts OU." -ForegroundColor Yellow
write-host ""
Get-ADUser $Employee | %{move-ADObject $_.DistinguishedName -targetpath 'OU=Disabled User Accounts,DC=YOURDOMAIN,DC=YOURDOMAIN'}
write-host "Waiting 15 seconds for AD & Exchange OU update to complete"
sleep -Seconds 15
write-host ""
write-host "Refreshing Employee Details for Exchange Modification."
write-host ""
Get-ADUser $Employee -Properties Description | Format-List Name,Enabled,Description
write-host "Step 4. Setting Exchange Out Of Office Auto-Responder." -ForegroundColor Yellow
Set-MailboxAutoReplyConfiguration $Employee -AutoReplyState enabled -ExternalAudience all -InternalMessage "Please note that I no longer work for $($UserDetails.company) as of $LeaveDate." -ExternalMessage "Please note that I no longer work for $($UserDetails.company) as of $LeaveDate."
write-host "Step 5. Removing $Employee from Exchange Global Address Book." -ForegroundColor Yellow
Get-Mailbox -Identity $Employee | Set-mailbox -HiddenFromAddressListsEnabled $true
Write-Host "Step 6. Sending Confirmation E-mail To Employee's Manager." -ForegroundColor Yellow
# Confirmation is sent from the admin running the script to the leaver's manager
$msg = new-object Net.Mail.MailMessage
$smtp = new-object Net.Mail.SmtpClient($ExchangeSMTP)
$msg.From = "$($DisabledBy.Mail)"
$msg.To.Add("$($Manager.Mail)")
$msg.subject = "IT Notification - Employee Leaver Confirmation"
$msg.body = "This email is to confirm that $($Userdetails.Name)'s account has been disabled. An out of office notification advising that $($Userdetails.Name) has left the company has also been set. Note that the account will be deleted after 30 days."
$smtp.Send($msg)
}
else {
write-host ""
write-host "Employee disable request cancelled" -ForegroundColor Yellow}
Disclaimer - Use this script at your own risk; I accept no responsibility for any issues arising from it.
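A read-only check of the end state the script is meant to leave behind, useful after the 15 second wait in case a step did not take effect. This is an added example, not part of the original script: `Test-LeaverState` is a hypothetical function name, the username `jbloggs` is constructed, and it assumes PowerShell 3.0 or later with the same ActiveDirectory module and Exchange session already loaded.

```powershell
# Added example: verifies each step of the leaver process without changing anything.
# Test-LeaverState is a hypothetical helper name, not part of the original script.
function Test-LeaverState {
    param(
        [Parameter(Mandatory)][string]$Employee,
        # Same placeholder OU as the script above; replace with your own DN
        [string]$DisabledOU = 'OU=Disabled User Accounts,DC=YOURDOMAIN,DC=YOURDOMAIN'
    )

    $user    = Get-ADUser $Employee -Properties Description
    $mailbox = Get-Mailbox -Identity $Employee
    $oof     = Get-MailboxAutoReplyConfiguration -Identity $Employee

    # Expected end state, one entry per step performed by the script
    $checks = [ordered]@{
        'Description stamped'      = $user.Description -like 'Disabled by * on *'
        'Account disabled'         = -not $user.Enabled
        'Moved to disabled OU'     = $user.DistinguishedName.EndsWith(",$DisabledOU", [StringComparison]::OrdinalIgnoreCase)
        # Values arrive as strings over the remote Exchange session, so compare as text
        'Out of office enabled'    = "$($oof.AutoReplyState)" -eq 'Enabled'
        'External replies enabled' = "$($oof.ExternalAudience)" -eq 'All'
        'Hidden from address list' = [bool]$mailbox.HiddenFromAddressListsEnabled
    }

    # Emit one result object per check so the output can be filtered or exported
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{
            Account = $user.SamAccountName
            Check   = $name
            Passed  = [bool]$checks[$name]
        }
    }
}

# Usage: show only the steps that did not take effect (constructed username)
$failed = Test-LeaverState -Employee 'jbloggs' | Where-Object { -not $_.Passed }
if ($failed) { $failed | Format-Table -AutoSize } else { Write-Host 'All leaver steps verified.' }
```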
Sorry for the lack of source-declaration, it's been sorted!