##This script is to disable users, change their passwords, move them to a different OU, force sync your domain controllers, remove Office 365 licenses,
##add an Exchange 2 license for litigation hold, and turn on litigation hold on the account.
##This is being deprecated, but I thought I'd leave it up for anyone in case they might find it useful.
##Change the DomainForOffice365 to your domain. Specifically the part before .onmicrosoft.com
##Also change yourdomain at various points. The OU "Disabled Accounts" portion moves the account to that OU, and keeps things tidy.
##This section requires the profile.ps1 file found here: https://github.com/Scine/Powershell/blob/master/profile.ps1
##Put that file under your Documents\Windows Powershell\ folder.
#If you don't have 2FA authentication enabled, uncomment the next three lines.
#Note: this path uses Basic authentication (-Authentication Basic), which sends the account password itself to the service; use it only if your tenant still accepts Basic authentication for remote PowerShell.
#$UserCredential = Get-Credential
#$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
#Import-PSSession $Session
#With 2FA authentication already enabled, use the three lines below. If you don't have it enabled, use the above section on line 6 and comment out the next 3 lines below by putting a # at the beginning of each line.
## Connect to Exchange Online through the ClickOnce "ExoPowershellModule".
## The module DLL is searched for recursively under %LOCALAPPDATA%\Apps\2.0\,
## any path containing "_none_" is skipped, and the first remaining match is loaded.
## NOTE(review): the DLL is selected by file name from a per-user directory tree and
## the first match wins - confirm the resolved path is the expected install before
## running this with admin credentials.
$exoSearchRoot = $env:LOCALAPPDATA + "\Apps\2.0\"
$exoModuleFiles = Get-ChildItem -Path $exoSearchRoot -Filter Microsoft.Exchange.Management.ExoPowershellModule.dll -Recurse
$exoModulePath = $exoModuleFiles.FullName |
    Where-Object { $_ -notmatch "_none_" } |
    Select-Object -First 1
Import-Module $exoModulePath

## Open the Exchange Online session and import its cmdlets into this session.
$EXOSession = New-ExoPSSession
Import-PSSession $EXOSession
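## Collect the offboarding details, reset the on-premises and cloud passwords,
## convert the mailbox to a shared mailbox and give the supervisor full access.
Write-Host "Setting Office 365 Account Password"
$EmailAddress = Read-Host 'Enter user login address:'
# Read the password as a SecureString so it is not echoed to the console
# (and therefore not captured by transcripts or screen sharing).
$Password = Read-Host 'New Password:' -AsSecureString
$un = Read-Host 'Please enter Active Directory username of person to reset password:'
$supervisor = Read-Host 'User who is going to be having access to shared mailbox'

# -Reset without -NewPassword makes the cmdlet prompt for the new AD password.
Set-ADAccountPassword -Identity $un -Reset

# $UserCredential only exists when the non-2FA section at the top of the file is
# uncommented. On the 2FA path it is empty, so connect without -Credential and let
# the module show its interactive sign-in prompt instead of binding a null credential.
if ($UserCredential) {
    Connect-MsolService -Credential $UserCredential
}
else {
    Connect-MsolService
}

Set-Mailbox $EmailAddress -Type shared
Add-MailboxPermission -Identity $EmailAddress -User $supervisor -AccessRights FullAccess

# NOTE(review): this turns off the strong-password requirement for the account.
# Remove this line if the password entered above already meets tenant policy.
Set-MsolUser -UserPrincipalName $EmailAddress -StrongPasswordRequired $False

# Set-MsolUserPassword takes -NewPassword as a plain string, so convert the
# SecureString only for this call and drop the plaintext copy right after.
$plainPassword = (New-Object System.Net.NetworkCredential('', $Password)).Password
Set-MsolUserPassword -UserPrincipalName $EmailAddress -NewPassword $plainPassword -ForceChangePassword $false
Remove-Variable -Name plainPassword

# NOTE(review): a password reset does not by itself end sessions that already hold
# tokens; confirm sign-in blocking / session revocation per your tenant's process.

# Do not print the password: console output ends up in transcripts and logs.
Write-Host "Completed. Password changed for account $EmailAddress"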
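##This section removes the listed licenses (use Get-MsolAccountSku to find out yours), and adds the Exchange Enterprise license
##which is required for litigation hold. You may not need that for your environment, so adjust accordingly.
##Every SKU below uses the same "DomainForOffice365" tenant prefix, so replacing that
##one placeholder (the part before .onmicrosoft.com) updates all three lines.
Set-MsolUserLicense -UserPrincipalName "$EmailAddress" -RemoveLicenses DomainForOffice365:EXCHANGESTANDARD
Set-MsolUserLicense -UserPrincipalName "$EmailAddress" -RemoveLicenses DomainForOffice365:O365_BUSINESS_PREMIUM
# Fixed: this line used the prefix "DomainForOffice", which a search-and-replace of
# "DomainForOffice365" would have turned into an invalid SKU, so the add would fail
# and the litigation hold below would be requested without the required license.
Set-MsolUserLicense -UserPrincipalName "$EmailAddress" -AddLicenses DomainForOffice365:EXCHANGEENTERPRISE
# Place the mailbox on litigation hold so its content is preserved.
Set-Mailbox "$EmailAddress" -LitigationHoldEnabled $true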
## On-premises cleanup for the departing user: move the account into the
## "Disabled Accounts" OU, disable it, and hide it from the Exchange address lists.
## Replace "yourdomain" in the target path with your own domain components.
$disabledAccountsOu = 'OU=Disabled Accounts,DC=yourdomain,Dc=local'
Get-ADUser -Identity $un |
    Move-ADObject -TargetPath $disabledAccountsOu

# The account is still addressed by the name entered earlier after the move.
Disable-ADAccount -Identity $un

$hideFromAddressLists = @{ msExchHideFromAddressLists = $True }
Set-ADUser -Identity $un -Replace $hideFromAddressLists
## Force replication so the account changes reach every domain controller.
## NOTE(review): $Mode is not assigned anywhere in this file; unless it is set
## elsewhere (for example by the profile.ps1 this script says it requires), the
## comparison is false and only the default branch runs - confirm.
$DomainControllers = Get-ADDomainController -Filter *
$useExtraSuperMode = ($Mode -eq "ExtraSuper")

foreach ($DC in $DomainControllers.Name) {
    Write-Host "Processing for " $DC -ForegroundColor Green

    if ($useExtraSuperMode) {
        # Run the /kcc step first, then sync all partitions for this DC.
        REPADMIN /kcc $DC
        REPADMIN /syncall /A /e /q $DC
    }
    else {
        # Default: sync only the domain partition named below.
        REPADMIN /syncall $DC "dc=yourdomain,dc=local" /d /e /q
    }
}
##Find scripts like this at https://github.com/Scine/Office365 Enjoy!