Hi All
I am trying to get a script together to run against a specific OU (our disabled Users OU) to make the process of leavers more automated.
I am trying to achieve the 4 main outcomes below
1. Disable User account
2. Hide from GAL
3. Export users group membership to a file based on SamAccountName
4. Remove users from all groups except domain users
I have some parts of this working from other peoples scripts i have found on the web but need to tie it all together which is proving to be beyond my basic scripting ability
Below is what i have so far, this does disable users / hide from GAL and remove groups however as stated i would really like it to export the group membership to a file before removing them so i have a record should a mistake be made.
$users= get-aduser -Filter {(Enabled -eq "True")} -SearchBase "ou=Disabled Accounts,dc=test2k8,dc=local"
Function RemoveMemberships
{
param([string]$SAMAccountName)
$user = Get-ADUser $SAMAccountName -properties memberof
$userGroups = $user.memberof
$userGroups | %{get-adgroup $_ | Remove-ADGroupMember -confirm:$false -member $SAMAccountName}
$userGroups = $null
}
$users | %{RemoveMemberships $_.SAMAccountName}
ForEach ($user in $users)
{
set-aduser -identity $user.sAMAccountName -Enabled $false -replace @{msExchHideFromAddressLists=$true}
}
exit
If there is anyone here that can help i would be very grateful
Many Thanks
Nick