Friday 3 January 2020

Remove AD Groups from Disabled Users


 # Script parameters. NOTE(review): none of these is read as an input. Each
 # variable is assigned by the script body before its first use, so a value
 # supplied by the caller is overwritten. They appear to serve only as
 # declarations of the script's working variables.
 Param(
 [Parameter (Mandatory=$False)]$DisabledUser,     # result of the Get-ADUser query (accounts to process)
 [Parameter (Mandatory=$False)]$Group,            # group memberships of the account currently being processed
 [Parameter (Mandatory=$False)]$Properties,       # hashtable for one "Removed" record
 [Parameter (Mandatory=$False)]$ErrorProperties,  # hashtable for one error record
 [Parameter (Mandatory=$False)]$ObjCompleted,     # object appended to Completed.csv
 [Parameter (Mandatory=$False)]$ObjError          # object appended to Errors.csv
 )

 <# Details of Property : msExchRecipientTypeDetails
 "1" User Mailbox
 "4" Onprem Shared
"16" Onprem Room
"128" MailUser
"2147483648" User Mailbox Converted to Shared Mailbox
"8589934592" Cloud Room
"34359738368" Cloud Shared Mailbox
"8388608" System Mailbox
"4398046511104" System Mailbox
#>

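# Select the accounts whose group memberships are stripped by the loop below.
# Scope: disabled accounts whose sAMAccountName starts with "i", excluding the
# shared, room and system mailbox recipient types listed here. This list decides
# what a destructive step acts on, so inspect $DisabledUser before the removal
# loop is allowed to run.
$ExcludedRecipientTypes = [long[]]@(
    4,              # Onprem Shared
    16,             # Onprem Room
    2147483648,     # User Mailbox Converted to Shared Mailbox
    8589934592,     # Cloud Room
    34359738368,    # Cloud Shared Mailbox
    8388608,        # System Mailbox
    4398046511104   # System Mailbox
)

# The Enabled test is pushed into -Filter so the domain controller returns only
# disabled accounts instead of every user object in the directory.
$DisabledUser = Get-ADUser -Filter 'Enabled -eq $false' -Properties Name,SamAccountName,Enabled,UserprincipalName,msExchRecipientTypeDetails |
    Where-Object {
        # Re-checked client-side as a Boolean (not a regex match on its string
        # form) so the scope cannot widen if the server-side filter is edited.
        ($_.Enabled -eq $false) -and
        # NOTE(review): StartsWith is case-sensitive, so an account named
        # "I..." is not selected. Confirm that matches the naming convention.
        $_.SamAccountName.StartsWith("i") -and
        # Accounts with no msExchRecipientTypeDetails value ($null) stay in scope.
        ($_.msExchRecipientTypeDetails -notin $ExcludedRecipientTypes)
    } |
    Select-Object Name,SamAccountName,Enabled,UserprincipalName,msExchRecipientTypeDetails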

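# Completed.csv is the only record of which memberships were removed (needed to
# restore them if an account is re-enabled), so make sure the log folder exists
# before anything is changed in AD. -ErrorAction Stop halts the script here if
# the folder cannot be created.
$LogFolder = 'C:\SUMANT\RemoveGroupfromDisabledUsers'
if (-not (Test-Path -LiteralPath $LogFolder)) {
    New-Item -ItemType Directory -Path $LogFolder -Force -ErrorAction Stop | Out-Null
}

# For every selected account: list its groups (except "Domain Users"), remove
# the account from each one, and record the outcome per user/group pair.
# NOTE(review): Remove-ADGroupMember supports -WhatIf; a dry run on first use
# shows the planned removals without changing the directory.
Foreach($User in $DisabledUser)
{
    Write-host "`n"
    Write-host "UserprincipalName:" $User.UserprincipalName
    Write-host "**************************************************"

    # Look the memberships up inside try/catch. If the lookup throws, $Group
    # would otherwise keep the previous account's groups and the inner loop
    # would act on (and log) the wrong set.
    try {
        $Group = @(Get-ADPrincipalGroupMembership $User.samAccountName -ErrorAction Stop |
            Where-Object { $_.name -ne "Domain Users" })
    }
    catch {
        $ErrorProperties=@{
            'User' = $User.SamAccountName
            'Group' = ''
            'Error Log'= $_
        }
        $ObjError = New-Object PSObject -Property $ErrorProperties
        $ObjError | Export-Csv "$LogFolder\Errors.csv" -Append -NoTypeInformation
        continue
    }

    # NOTE(review): only "Domain Users" is skipped by name. If an account's
    # primary group is a different group, that removal is expected to fail and
    # be recorded in Errors.csv.
    Foreach($g in $Group)
    {
        try {
            # Identify the group by distinguished name. -Identity does not
            # resolve a display name (CN), so a group whose name differs from
            # its sAMAccountName could fail or resolve to another object.
            Remove-ADGroupMember -Identity $g.DistinguishedName -Members $User.SamAccountName -Confirm:$false -ErrorAction Stop
            Write-host "Removing User:"$User.SamAccountName -NoNewline
            Write-Host "`t" -NoNewline
            Write-Host "from Group:" $g.name

            # One row per removed membership; same columns as before so that
            # -Append keeps working against an existing Completed.csv.
            $Properties=@{
                'Task' = "Removed"
                'User' = $User.SamAccountName
                'Group' = $g.name
            }
            $ObjCompleted = New-Object PSObject -Property $Properties
            $ObjCompleted | Export-Csv "$LogFolder\Completed.csv" -Append -NoTypeInformation
        }
        catch {
            # Removal failed: keep the user, the group and the error record.
            $ErrorProperties=@{
                'User' = $User.SamAccountName
                'Group' = $g.name
                'Error Log'= $_
            }
            $ObjError = New-Object PSObject -Property $ErrorProperties
            $ObjError | Export-Csv "$LogFolder\Errors.csv" -Append -NoTypeInformation
        }
    }
}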


