    Powershell - Disable a Leaving or Terminated Employee - AD

      DustinB3403

      The below script will revoke all permissions and disable a specified user account from AD. Additionally, it will attempt to reboot their computer if you un-comment the indicated line.

      # Requires the ActiveDirectory module (RSAT) on the machine running the script.
      Import-Module ActiveDirectory

      # Keep prompting until the entry resolves to an AD user.
      Do {
      	Try {
      		$userInput = Read-Host -Prompt "Leaving Employee"
      		$user = Get-ADUser $userInput -Properties memberof -ErrorAction Stop
      		$invalid = $false
      	} Catch {
      		$invalid = $true
      		Write-Warning "Invalid Entry"
      	}
      } While ($invalid)

      # Disable the account.
      $user | Set-ADUser -Enabled $False

      # This loop removes all group memberships besides "Domain User"; confirmation is not required per membership.
      # If confirmation is required, modify "-confirm:$false" to be "#-confirm:$false" without quotes.
      $user.memberof | ForEach-Object {
      	Remove-ADGroupMember -Identity $_ -Members $user.samaccountname -confirm:$false
      }

      # Un-comment the below two lines and modify to match your PC naming convention.
      #$computer = "$($user.samaccountname)-w7a"   # or "$($user.samaccountname)-w7"
      #Restart-Computer -ComputerName $computer -Force

      Write-Output "Account is disabled, and if found their computer has been restarted."
      
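An added example, not part of DustinB3403's post: the same disable-and-remove steps wrapped in a function that first writes the user's group memberships to a CSV, supports `-WhatIf`, and re-reads the account afterwards to report whether it is still enabled or still in any group. The function name `Disable-LeavingEmployee`, the `$LogDirectory` default and the sample identity `jdoe` are assumptions made for illustration.

```powershell
#Requires -Modules ActiveDirectory

# Hypothetical function name; not from the original post.
function Disable-LeavingEmployee {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Identity,
        # Assumed location for the membership record; change to suit.
        [string]$LogDirectory = (Join-Path $env:TEMP 'offboarding')
    )

    # A failed lookup throws here, before anything is changed.
    $user = Get-ADUser -Identity $Identity -Properties MemberOf -ErrorAction Stop

    # Record the memberships first so access can be reviewed or restored later.
    # (Under -WhatIf these two writes are skipped as well.)
    $null = New-Item -ItemType Directory -Path $LogDirectory -Force
    $logFile = Join-Path $LogDirectory ('{0}-{1:yyyyMMdd-HHmmss}.csv' -f $user.SamAccountName, (Get-Date))
    $user.MemberOf |
        ForEach-Object { [pscustomobject]@{ User = $user.SamAccountName; GroupDN = $_ } } |
        Export-Csv -Path $logFile -NoTypeInformation

    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Disable account and remove group memberships')) {
        Disable-ADAccount -Identity $user -ErrorAction Stop
        foreach ($group in $user.MemberOf) {
            try {
                Remove-ADGroupMember -Identity $group -Members $user -Confirm:$false -ErrorAction Stop
            } catch {
                # Keep going: one failed removal should not leave the other memberships in place.
                Write-Warning "Could not remove from ${group}: $($_.Exception.Message)"
            }
        }
    }

    # Re-read the account and report its state now, rather than assuming success.
    $after = Get-ADUser -Identity $user.DistinguishedName -Properties MemberOf
    [pscustomobject]@{
        SamAccountName  = $after.SamAccountName
        Enabled         = $after.Enabled
        RemainingGroups = @($after.MemberOf)
        MembershipLog   = $logFile
    }
}

# Dry run first (jdoe is a constructed sample identity), then repeat without -WhatIf:
# Disable-LeavingEmployee -Identity jdoe -WhatIf
```

A clean run returns `Enabled = False` and an empty `RemainingGroups`; anything else in the output is what still needs manual attention.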