Archive-User function – Clean up a user from AD and Exchange
(updated version as a function. Some error handling will follow later)
PowerShell function for cleaning up an AD user and Exchange account. This can be used, for example, when a user leaves the company.
The user's information, files and mail are placed in an archive folder on the network. After this has been done, the user is cleaned from the network.
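Use as: .\Archive-MWUser.ps1 -MWUsername avanboerum (for the function version below: dot-source the script first, then run Archive-MWUser -MWUsername avanboerum, as in the function's own example)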
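function Archive-MWUser {
<#
.SYNOPSIS
    Clean up a user from Active Directory and Exchange.
.DESCRIPTION
    Archives the user's AD information, Exchange mailbox (primary and archive),
    home folder and profile folder to a per-user folder on the archive share.
    It then disables the mailbox and the AD account, moves the account to the
    disabled-users OU and removes the account's group memberships.

    The destructive steps (Disable-Mailbox, the folder moves, Disable-ADAccount)
    only run after the account was found in AD and every mailbox export request
    for the user reports a completed status.

    NOTE(review): the archive folder ends up holding the full mailbox export and
    a dump of every AD attribute of the account. Confirm that the ACL on the
    archive share limits access to the people who are allowed to read that data.
.PARAMETER MWUsername
    Login name of the company user that will be archived. The value is used as a
    folder name on the archive share, so path separators and wildcard characters
    are rejected.
.EXAMPLE
    Archive-MWUser -MWUserName avanboerum
#>
    [CmdletBinding()]
    Param(
        [Parameter(
            Mandatory=$True,
            ValueFromPipeline=$True,
            ValueFromPipelineByPropertyName=$True,
            HelpMessage='What username would you like to target?')]
        $MWUsername
    )

    Begin {
        $DisabledOU = "OU=Disabled Users,OU=Company,DC=company,DC=NL"

        # Stop here if the Exchange session cannot be set up: without it the
        # mailbox export cannot run and nothing further should be cleaned up.
        # NOTE(review): the endpoint is plain http with Kerberos authentication;
        # confirm this matches the transport policy of your environment.
        $ExchSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://CASSERVER/PowerShell/ -Authentication Kerberos -ErrorAction Stop
        Import-PSSession $ExchSession -ErrorAction Stop
    }

    Process {
        # A value bound from the pipeline is not available in Begin, so all
        # per-user paths are built here. Built in Begin they would point at the
        # share roots whenever the name arrives through the pipeline.
        $username = [string]$MWUsername

        # The name becomes part of UNC paths that are created and moved with
        # -Force. Refuse separators, wildcards and dot-only names so the paths
        # cannot leave the per-user folders.
        if ($username -notmatch '^[^\\/:*?"<>|\[\]]+$' -or $username -match '^\.+$') {
            Write-Error "Username '$username' contains characters that are not allowed in a folder name. Nothing was changed."
            return
        }

        $archivefolder       = "\\TARGETSERVER\Archief`$\$username"
        $sourcehomefolder    = "\\SOURCESERVER\h`$\users\$username"
        $sourceprofilefolder = "\\SOURCESERVER\h`$\profiles\$username.v2"

        # Look the account up before touching anything; an unknown name must not
        # lead to folder moves or an empty archive.
        try {
            $aduser = Get-ADUser -Identity $username -Properties * -ErrorAction Stop
        }
        catch {
            Write-Error "User '$username' was not found in Active Directory. Nothing was changed. $_"
            return
        }

        # Test if the user's archive folder already exists
        if (Test-Path $archivefolder) {
            Read-Host "Folder $archivefolder is already present. Press any key to continue or ctrl-c to quit"
        }
        else {
            New-Item $archivefolder -ItemType directory
        }

        # Save user information
        $aduser | Select-Object -ExpandProperty memberof | Out-File "$archivefolder\memberships.txt"
        $aduser | Out-File "$archivefolder\UserFullInfo.txt"

        # Archive the user's Exchange mailbox and archive mailbox
        New-MailboxExportRequest -Mailbox $username -FilePath "$archivefolder\$username.pst"
        while (Get-MailboxExportRequest -Mailbox $username | Where-Object { $_.Status -eq 'Queued' -or $_.Status -eq 'InProgress' }) {
            Start-Sleep -Seconds 15
        }

        New-MailboxExportRequest -Mailbox $username -FilePath "$archivefolder\$username-archive.pst" -IsArchive
        while (Get-MailboxExportRequest -Mailbox $username | Where-Object { $_.Status -eq 'Queued' -or $_.Status -eq 'InProgress' }) {
            Start-Sleep -Seconds 15
        }

        # The wait loops also end when a request failed, was suspended, or was
        # never created. Only continue to the destructive steps when at least
        # one export request exists and all of them completed.
        $requests   = @(Get-MailboxExportRequest -Mailbox $username)
        $unfinished = @($requests | Where-Object { @('Completed', 'CompletedWithWarning') -notcontains "$($_.Status)" })
        if ($requests.Count -eq 0 -or $unfinished.Count -gt 0) {
            Write-Error "Mailbox export for '$username' did not complete. Mailbox, folders and account were left untouched; check Get-MailboxExportRequest -Mailbox $username."
            return
        }

        Disable-Mailbox -Identity $username -Confirm

        # Move home folder to archive location
        if (Test-Path "$archivefolder\home") {
            Write-Host "Folder $archivefolder\home is present"
        }
        else {
            New-Item "$archivefolder\home" -ItemType directory
        }
        Move-Item $sourcehomefolder -Destination "$archivefolder\home" -Force

        # Move profile folder to archive location
        if (Test-Path "$archivefolder\profile") {
            # Double quotes so the folder path is expanded in the message
            Write-Host "Folder $archivefolder\profile is present"
        }
        else {
            New-Item "$archivefolder\profile" -ItemType directory
        }
        Move-Item $sourceprofilefolder -Destination "$archivefolder\profile" -Force

        # Disable the user's account for logon and park it in the disabled OU
        Disable-ADAccount -Identity $username -Confirm
        Get-ADUser $username | Move-ADObject -TargetPath $DisabledOU

        # Clean up group membership. Only the groups listed in the account's own
        # memberOf attribute are touched, instead of piping every group in the
        # domain into Remove-ADGroupMember. memberOf does not list the primary
        # group, so that membership stays.
        # NOTE(review): test in a lab first; groups from other domains may not
        # appear in memberOf.
        $groups = Get-ADUser $username -Properties memberof | Select-Object -ExpandProperty memberof
        if ($groups) {
            Remove-ADPrincipalGroupMembership -Identity $username -MemberOf $groups
        }
    }

    End {
        # Close the remote Exchange session so repeated runs do not pile up
        # open sessions on the server.
        if ($ExchSession) {
            Remove-PSSession $ExchSession
        }
    }
}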