PowerShell | Offboarding Users
<#
Summary:
Note: We have a custom value in AD called EmployeeID you may need to adjust the script to fit your unique needs.
Request input from user
Get user by Employee ID
Check for Duplicate Emp ID
Check to see if account found
Display account information
Terminate User Option
Update Description Field
Set Manager and Phone to NULL
Export List of AD Groups
Remove Groups from User Account
Create & Format Date - Append to Name Field Because of Duplicates
Disable AD Account
Move User Account to Inactive Users OU
Export Home Directory
Author: Scott Head
Date: 02/09/2022
Version: 1.0
#>
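CLS
# Environment-specific values; adjust before use.
$LogRoot    = 'C:\UserGroupLog'
$InactiveOU = 'OU=InactiveAccounts,OU=Accounts,DC=YourDomain,DC=net'
# Make every cmdlet failure terminating so the Catch block below reports it
# instead of the script silently continuing with a half-offboarded account.
$ErrorActionPreference = 'Stop'

#Get Input From User
$EmployeeID = (Read-Host "Enter EmployeeID").Trim()
# The operator-typed EmployeeID becomes part of a log file name below, so
# reject empty input and any character that is not valid in a file name
# (path separators, etc.) before it reaches AD or the file system.
If ([string]::IsNullOrWhiteSpace($EmployeeID) -or
    $EmployeeID.IndexOfAny([System.IO.Path]::GetInvalidFileNameChars()) -ge 0) {
    Write-Host "Invalid EmployeeID - Program Closed `n"
    Return
}

#Check for Account in AD - one query; GivenName, Surname, Name, SamAccountName,
#DistinguishedName and ObjectGUID are default properties, the rest are requested.
$Found = @(Get-ADUser -Filter 'EmployeeID -eq $EmployeeID' -Properties Office, HomeDirectory)
#Check for Duplicate EmployeeID's
If ($Found.Count -gt 1) {
    Write-Host "Multiple Accounts Found - Program Closed"
    Return
}
#Check to See if Account is Found
If ($Found.Count -eq 0) {
    CLS
    Write-Host "No Account Found - Program Closed `n"
    Return
}
$MyUser = $Found[0]
CLS
Write-Host "First Name: $($MyUser.GivenName)"
Write-Host "Last Name: $($MyUser.Surname)"
Write-Host "Office: $($MyUser.Office) `n"

#After User Reviews Output : Option to Terminate User Account
$Decision = Read-Host "Terminate User Press 1"
If ($Decision -ne '1') {
    CLS
    Write-Host "Account NOT Terminated - Program Closed `n"
    Return
}
CLS
Write-Host "Terminating User Account......."
# ObjectGUID is stable across the rename and move below; DistinguishedName
# and Name are not, so all later AD calls use the GUID.
$UserId  = $MyUser.ObjectGUID
$SamName = $MyUser.SamAccountName
$LogFile = Join-Path $LogRoot "$EmployeeID.txt"
Try {
    If (-not (Test-Path -LiteralPath $LogRoot)) {
        New-Item -ItemType Directory -Path $LogRoot | Out-Null
    }
    #--1--Disable AD Account first: if any later step fails, the account is
    #     still unusable rather than enabled with groups partially removed.
    Disable-ADAccount -Identity $UserId
    #--2--Update Description Field and Set Manager and Phone to NULL
    $MyDateInfo = Get-Date -Format yyyy-MM-dd
    $DescriptionUpdate = "Termed $MyDateInfo - $EmployeeID"
    Set-ADUser -Identity $UserId -Description $DescriptionUpdate -Manager $null -OfficePhone $null
    #--3--Export List of AD Groups (user name first, then groups other than Domain Users)
    $SamName | Out-File -LiteralPath $LogFile -Append
    $MyADGroups = @(Get-ADPrincipalGroupMembership -Identity $UserId |
        Where-Object { $_.Name -ne "Domain Users" })
    $MyADGroups | Select-Object -ExpandProperty Name | Out-File -LiteralPath $LogFile -Append
    #--4--Remove Groups from User Account. Identify each group by its DN, since a
    #     group's display Name is not guaranteed to be a valid -Identity value.
    #     One failed removal is logged and the remaining groups are still processed.
    Foreach ($MyGroup in $MyADGroups) {
        Try {
            Remove-ADGroupMember -Identity $MyGroup.DistinguishedName -Members $SamName -Confirm:$False
        } Catch {
            $Msg = "Failed to remove from group '$($MyGroup.Name)': $($_.Exception.Message)"
            Write-Warning $Msg
            $Msg | Out-File -LiteralPath $LogFile -Append
        }
    }
    "AD Groups Removed" | Out-File -LiteralPath $LogFile -Append
    #--5--Create & Format Date - Append to Name Field Because of Duplicates
    $DateAdd   = Get-Date -Format "MMddyyyyHHmmss"
    $NewADName = "$($MyUser.Name) - $DateAdd"
    Rename-ADObject -Identity $UserId -NewName $NewADName
    #--6--Move User Account to Inactive Users OU
    Move-ADObject -Identity $UserId -TargetPath $InactiveOU
    #--7--Export Home Directory
    $MyUser.HomeDirectory | Out-File -LiteralPath (Join-Path $LogRoot 'AA_User_Profiles.txt') -Append
    Write-Host "Process Complete - Program Closed..."
} Catch {
    # Report which step failed; the account was disabled in step 1 unless that
    # call itself is what failed, so the operator must check the account state.
    Write-Host "Offboarding FAILED for $SamName - check account state manually"
    Write-Host $_.Exception.Message
    Write-Host $_.InvocationInfo.PositionMessage
}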