OffboardUser.ps1
#This script connects to the Alliance O365 instance, unassigns the licenses from the specified user, resets its password, removes it from any distribution groups, and converts its mailbox to a shared mailbox.
#It also disables the account in Active Directory and moves it to the Disabled Users OU.
#It requires the Windows Azure Active Directory Module for Windows PowerShell, which can be downloaded here (http://go.microsoft.com/fwlink/p/?linkid=236297), as well as the Remote Server Administration Tools.
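##### OFFICE 365 ############################################
# Offboards one mailbox user in Office 365: converts the mailbox to shared,
# removes the user from distribution groups, removes all licenses and resets
# the password.
#
# NOTE(review): Basic authentication against the Exchange Online remote
# PowerShell endpoint and the MSOnline module are both deprecated by Microsoft,
# and Get-Credential cannot satisfy an MFA prompt. Confirm this connection
# method still works in the tenant before relying on the script.
# NOTE(review): a password reset does not by itself end sessions that are
# already signed in. Consider also blocking sign-in and revoking the user's
# refresh tokens as part of offboarding.

#Import Azure AD Module
Import-Module MSOnline

#Get credentials to connect
$UserCredential = Get-Credential

#Get user email address
$Email = Read-Host -Prompt 'Input the email address to offboard'
if ([string]::IsNullOrWhiteSpace($Email)) {
    # Refuse to run the mailbox/licence cmdlets without a target identity.
    throw 'No email address was entered; nothing to offboard.'
}

$Session = $null
try {
    #Connect to O365. Stop on failure: nothing below can work without a session.
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange `
        -ConnectionUri https://outlook.office365.com/powershell-liveid/ `
        -Credential $UserCredential -Authentication Basic -AllowRedirection `
        -ErrorAction Stop
    Import-PSSession $Session

    #Convert user to shared mailbox
    Set-Mailbox $Email -Type shared

    #Remove the user from all distribution groups.
    # Best effort: every group is tried, and the error raised for groups the
    # user does not belong to is deliberately suppressed.
    $DGs = Get-DistributionGroup
    foreach ($dg in $DGs) {
        Remove-DistributionGroupMember $dg.Name -Member $Email `
            -BypassSecurityGroupManagerCheck -Confirm:$false `
            -ErrorAction SilentlyContinue
    }

    #Remove all licenses
    Connect-MsolService -Credential $UserCredential
    $license = Get-MsolUser -UserPrincipalName $Email |
        Select-Object -ExpandProperty Licenses
    if ($license) {
        # Skip the call for unlicensed users; an empty SKU list is an error.
        Set-MsolUserLicense -UserPrincipalName $Email -RemoveLicenses $license.AccountSkuId
    }

    #Reset the user's password.
    # The original passed -NewPassword with no value, so the call failed at
    # parameter binding and no reset happened. Omitting -NewPassword lets the
    # service assign a random password; the returned value is discarded so it
    # is not echoed to the console or captured in a transcript.
    Set-MsolUserPassword -UserPrincipalName $Email -ForceChangePassword $False | Out-Null
}
catch {
    # Report and carry on so the Active Directory steps can still be run.
    Write-Warning "Office 365 offboarding did not complete: $($_.Exception.Message)"
}
finally {
    #End session, even when a step above failed
    if ($Session) {
        Remove-PSSession $Session
    }
}

#Press any key to continue
Write-Host "Press any key to continue ..."
$x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
#####################################################################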
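#### ACTIVE DIRECTORY ###############################################
# Disables the on-premises account, moves it to the disabled-accounts OU and
# removes it from the groups listed in its memberOf attribute.

#Import Active Directory module
Import-Module ActiveDirectory

#Get user samAccountName
$samAccountName = Read-Host -Prompt 'Input the username to offboard'
if ([string]::IsNullOrWhiteSpace($samAccountName)) {
    # Refuse to call the AD cmdlets without a target identity.
    throw 'No username was entered; nothing to offboard.'
}

# Distinguished name of the Disabled User Accounts OU.
# PLACEHOLDER: the published script had no value after -TargetPath, so the
# move could never run. Replace this with the real OU distinguished name.
$DisabledUsersOU = '<DISABLED-USER-ACCOUNTS-OU-DN>'

#Disable the account
Set-ADUser -Identity $samAccountName -Enabled $false

#Move to Disabled User Accounts OU
if ($DisabledUsersOU -like '<*') {
    Write-Warning 'Disabled User Accounts OU is not configured; the account was not moved.'
}
else {
    Get-ADUser $samAccountName | Move-ADObject -TargetPath $DisabledUsersOU
}

#Remove account from all security groups
# Re-read the user after the move so its distinguished name is current.
# memberOf does not list the primary group, so that membership is untouched.
$User = Get-ADUser $samAccountName -Properties memberOf
$Groups = foreach ($GroupDN in $User.MemberOf) {
    Get-ADGroup $GroupDN
}
foreach ($Group in $Groups) {
    # Log each removal so the operator has a record of what was revoked.
    Write-Host "Removing $samAccountName from group $($Group.Name)"
    # No -Confirm:$false here: the per-group confirmation prompt is kept.
    Remove-ADGroupMember -Identity $Group -Members $User
}
#####################################################################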