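#------------------------------------------------------------------------------#
# Title:       Cleanup Script
# Author:      Nicholas Raposo
# Version:     1.0
# Updated:     10/31/2018
# Description: Strips group memberships from every account in the disabled-
#              users OU and maintains one log file and one working file.
#              The log file records the groups that were stripped from each
#              user. The working file (users.xml) records when a user was
#              first seen and is used to decide when that user's home
#              directory is deleted.
#------------------------------------------------------------------------------#

Import-Module ActiveDirectory

# Create the Exchange PowerShell session.
$s = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://va-ex01/powershell -Authentication Kerberos

try {
    # Import the Exchange cmdlets (Get-Recipient, Get-Mailbox, Disable-Mailbox).
    Import-PSSession -Session $s -AllowClobber

    # Data initialization: paths, the working XML file, Exchange recipients.
    $dt             = Get-Date
    $homeFolderPath = "\\va-fp03\home$\"
    $logStripPath   = "c:\logs\groupsstrip\"
    $OUPath         = "OU=DISABLED USERS,DC=vanaqua,DC=local"
    $xmlfile        = "\\va-dc02\c$\logs\cleanup\users.xml"

    [xml]$xmlObj = [System.Xml.XmlDocument](Get-Content $xmlfile)
    $users       = $xmlObj.SelectNodes("//*[@Name]")
    $recipients  = Get-Recipient "*@ocean.org"

    # Snapshot the tracked nodes: nodes are appended and removed below, and the
    # second loop must not iterate a list that is changing underneath it.
    $trackedUsers = @($users)

    # Names already present in the working file. Membership has to be tested
    # against the Name attribute values; testing a string against the XML
    # element objects does not match, so users would be re-added on every run.
    $knownNames = @($trackedUsers | ForEach-Object { $_.GetAttribute('Name') })

    foreach ($username in (Get-ADUser -SearchBase $OUPath -Filter *)) {
        # If the user is not tracked yet and still has a home folder, start
        # tracking them with today's day and month.
        $homeDirectory = $homeFolderPath + $username.SamAccountName
        if ($username.Name -notin $knownNames) {
            if (Test-Path -LiteralPath $homeDirectory) {
                $child = $xmlObj.CreateElement("User")
                $child.SetAttribute("Name", $username.Name)
                # Record the account name the folder was found under, so the
                # later delete targets the same path that was checked here.
                $child.SetAttribute("SamAccountName", $username.SamAccountName)

                $childDay = $xmlObj.CreateElement("Day")
                $childDay.InnerText = $dt.Day
                $childMonth = $xmlObj.CreateElement("Month")
                $childMonth.InnerText = $dt.Month

                # [void] keeps the returned nodes out of the script's output.
                [void]$child.AppendChild($childDay)
                [void]$child.AppendChild($childMonth)
                [void]$xmlObj.Users.AppendChild($child)
                $knownNames += $username.Name
            }
        }

        # Get all group memberships and strip everything except Domain Users.
        $groups = Get-ADPrincipalGroupMembership $username
        foreach ($group in $groups) {
            if ($group.name -ne "domain users") {
                try {
                    Remove-ADGroupMember -Identity $group.SamAccountName -Member $username.SamAccountName -Confirm:$false -ErrorAction Stop
                }
                catch {
                    # Do not log a group as stripped when the removal failed.
                    Write-Warning ("failed to remove {0} from {1}: {2}" -f $username.SamAccountName, $group.SamAccountName, $_.Exception.Message)
                    continue
                }

                # Save the group name into c:\logs\groupsstrip\<username>.txt
                $grouplogfile = $logStripPath + $username.SamAccountName + ".txt"
                $group.name >> $grouplogfile

                Write-Host "removed" $username "from" $group.samaccountname -Foreground Yellow
            }
        }
    }

    # Loop through the users in the working file: disable the mailbox, then
    # delete the home folder once the retention period has passed.
    foreach ($usr in $trackedUsers) {
        $trackedName = $usr.GetAttribute('Name')

        if ($trackedName -in $recipients.Name) {
            # Disable the user's mailbox if it exists.
            Get-Mailbox -Identity $trackedName | Disable-Mailbox -Confirm:$false
        }

        # Only the month is stored, so elapsed time is the month difference
        # modulo 12. This handles year wrap-around (a user recorded in
        # September becomes eligible in January). An entry left for a full
        # year is indistinguishable from a fresh one.
        $recordedMonth = $usr.Month -as [int]
        if ($recordedMonth -lt 1 -or $recordedMonth -gt 12) {
            Write-Warning ("skipping '{0}': working file has no valid Month" -f $trackedName)
            continue
        }
        $monthsElapsed = (($dt.Month - $recordedMonth) + 12) % 12

        if ($monthsElapsed -gt 3) {
            # Prefer the recorded account name; entries written without it fall
            # back to the display name with spaces replaced by dots.
            $folderName = $usr.GetAttribute('SamAccountName')
            if ([string]::IsNullOrWhiteSpace($folderName)) {
                $folderName = $trackedName -replace ' ', '.'
            }

            # Guard the destructive path: an empty, dot-only or separator/
            # wildcard-bearing name must never be appended to the share root.
            if ([string]::IsNullOrWhiteSpace($folderName) -or
                $folderName -match '^\.+$' -or
                $folderName -match '[\\/:*?"<>|]') {
                Write-Warning ("skipping '{0}': unsafe home folder name '{1}'" -f $trackedName, $folderName)
                continue
            }

            $tempPath = $homeFolderPath + $folderName

            # -LiteralPath prevents wildcard expansion of the name. -Recurse is
            # deliberately not passed: a non-empty folder makes PowerShell ask
            # for confirmation (or fail when run non-interactively).
            if (Test-Path -LiteralPath $tempPath) {
                Remove-Item -LiteralPath $tempPath
            }

            # Stop tracking the user only when the folder is really gone;
            # otherwise keep the node so the next run retries the delete.
            if (-not (Test-Path -LiteralPath $tempPath)) {
                [void]$usr.ParentNode.RemoveChild($usr)
            }
            else {
                Write-Warning ("home folder still present, keeping '{0}' in working file: {1}" -f $trackedName, $tempPath)
            }
        }
    }

    $xmlObj.Save($xmlfile)
}
finally {
    # Always tear down the Exchange session, including when a step above fails.
    if ($s) {
        Remove-PSSession $s
    }
}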