- Save the script to a file named Process-Leaver.ps1.
- Run it from PowerShell console.
- It will prompt you to enter the user name you want to disable.
- The user who runs the script must have the right to send email through the Exchange server.
- Change the script as necessary to align with your needs.
_______________________________________________________________________________
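# Process-Leaver.ps1
# Offboards a leaver account: records the account details and its group
# membership (HTML report in the mail body, CSV as attachment), mails them to
# the helpdesk, then strips all group memberships and disables the account.
# Requires the ActiveDirectory module and an account allowed to send mail
# through the configured smart host.
Import-Module ActiveDirectory

# Environment-specific settings; change these to match your setup.
$From    = "leaver@mydomain.co.uk"
$To      = "it.help@mydomain.co.uk"
$SmtpSrv = "mysmarthost.server"

$Adleaver = $null
[String]$leaver = Read-Host "Enter the leaver account"
Try {
    # Only the attributes that appear in the report are kept.
    $Adleaver = Get-ADUser -Identity $leaver -Properties WhenCreated,mail -ErrorAction Stop |
        Select-Object Name,SamAccountName,ObjectClass,UserPrincipalName,Mail,SID,WhenCreated,Enabled
    # Enabled is already part of the object above; no second AD query needed.
    If ($Adleaver.Enabled -eq $False) {
        Write-Host "Account is already Disabled"
        Return
    }
    $Adleaver
}
Catch {
    Write-Host "The user can't be found. Please check the name again."
    # $(...) is needed to expand a property inside a double-quoted string;
    # "$_.Exception.Message" would print the error object followed by the
    # literal text ".Exception.Message".
    Write-Host "$($_.Exception.Message)"
    Return
}

$bool = Read-Host "Is this the right user? (y=yes) or (anything else=no)"
If ($bool -ne 'y') {
    Return
}

# Whoami ~ Powershell
[String]$Usr = $env:USERDOMAIN + "\" + $env:USERNAME

# Inline CSS for the HTML table produced by ConvertTo-Html.
$a = "<style>"
$a += "BODY{background-color:white;}"
$a += "TABLE{border-width: 1px;border-style: solid;border-color: black;border-collapse: collapse;}"
$a += "TH{border-width: 1px;padding: 5px;border-style: solid;border-color: black;background-color:lightgrey}"
$a += "TD{border-width: 1px;padding: 5px;border-style: solid;border-color: black;background-color:lightblue}"
$a += "</style>"

# Account summary shown above the group table.
$Pre = "<h3>The Report on Leaver Account</h3>"
$Pre += "Full Name: "
$Pre += $Adleaver.Name
$Pre += "<br/> SamAccountName: "
$Pre += $Adleaver.SamAccountName
$Pre += "<br/> ObjectClass: "
$Pre += $Adleaver.ObjectClass
$Pre += "<br/> UserPrincipalName: "
$Pre += $Adleaver.UserPrincipalName
$Pre += "<br/> Email Address: "
$Pre += $Adleaver.Mail
$Pre += "<br/>SID: "
$Pre += $Adleaver.SID
$Pre += "<br/>Account Created on: "
$Pre += $Adleaver.WhenCreated
$Pre += "<br/><br/><hr>"
$Pre += "<h4>User's Group Membership Details</h4>"

# Audit trail shown below the group table: who ran this, where and when.
$Post = "<p>The user account is disabled by automated Powershell script.<br/>"
$Post += "<br/>Run On: "
$Post += $env:COMPUTERNAME
$Post += "<br/>Domain: "
$Post += $env:USERDNSDOMAIN
$Post += "<br/>By: "
$Post += $Usr
$Post += "<br/>Date: "
$Post += (Get-Date)
$Post += "</p>"
$Post += "Note: Please keep the attachment in case you need to recover the user account ."

Write-Host "Pulling user's groupmembership from AD..."
# Query AD once. The raw ADGroup objects are needed for the removal step,
# the projected/sorted view for the console output, report and CSV.
$groupObjs = @(Get-ADPrincipalGroupMembership -Identity $leaver)
$groups = $groupObjs | Select-Object SamAccountName,Name,GroupCategory,GroupScope | Sort-Object Name
$groups | Out-String

#Building HTML Report body
$mBody = $groups | ConvertTo-Html -Head $a -PreContent $Pre -PostContent $Post | Out-String

# Write the recovery data to disk before anything destructive happens, and
# abort if it could not be written.
$csvPath = "MemberOf_$leaver.csv"
$groups | Export-Csv -Path $csvPath -NoTypeInformation
If (-not (Test-Path -Path $csvPath)) {
    Write-Host "Could not write $csvPath; no changes were made to the account."
    Return
}

#Strip out all group membership and disable the account
If ($groupObjs.Count -gt 0) {
    # -MemberOf is a mandatory parameter; without it the cmdlet prompts for a
    # value instead of removing anything. The primary group (usually Domain
    # Users) cannot be removed this way and is reported as a non-terminating
    # error, which is expected.
    Remove-ADPrincipalGroupMembership -Identity $leaver -MemberOf $groupObjs
}
# The ActiveDirectory module exposes Disable-ADAccount (there is no Disable-ADUser).
Disable-ADAccount -Identity $leaver

$Sub = "AD User Terminated: $leaver"
Try {
    Send-MailMessage -From $From -To $To -Subject $Sub -Body $mBody -BodyAsHtml `
        -SmtpServer $SmtpSrv -Attachments $csvPath -ErrorAction Stop
    # Only discard the local copy once the mail server has accepted the message;
    # otherwise the CSV is the only record of the removed memberships.
    Remove-Item -Path $csvPath
}
Catch {
    Write-Host "Mail could not be sent: $($_.Exception.Message)"
    Write-Host "Group membership export kept at $csvPath for recovery."
}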
________________________________________________________________________________