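<#
Summary:
    Terminates (offboards) an Active Directory user account located by EmployeeID.

    Note: We have a custom value in AD called EmployeeID you may need to adjust
    the script to fit your unique needs.

    Steps:
        Request input from user
        Get user by Employee ID
        Check for Duplicate Emp ID
        Check to see if account found
        Display account information
        Terminate User Option
        Disable AD Account
        Update Description Field
        Set Manager and Phone to NULL
        Export List of AD Groups
        Remove Groups from User Account
        Create & Format Date - Append to Name Field Because of Duplicates
        Move User Account to Inactive Users OU
        Export Home Directory

    The account is disabled before any other change so that access is cut off
    even if a later step fails. Every step addresses the account by ObjectGUID,
    which stays valid across the rename and the move.

Author: Scott Head
Date: 02/09/2022
Version: 1.0
#>

# Log locations. The group log is named after the EmployeeID.
# NOTE(review): these files record group memberships and home directory paths;
# restrict access to this folder to the administrators who run the script.
$LogDir     = 'C:\UserGroupLog'
$ProfileLog = Join-Path $LogDir 'AA_User_Profiles.txt'

# Get Input From User
$EmployeeID = Read-Host "Enter EmployeeID"

# The ID becomes part of a file name below, so reject empty input and any
# character that is not valid in a file name (path separators, wildcards, ...).
$BadChars = [System.IO.Path]::GetInvalidFileNameChars()
if ([string]::IsNullOrWhiteSpace($EmployeeID) -or $EmployeeID.IndexOfAny($BadChars) -ge 0) {
    Write-Host "Invalid EmployeeID - Program Closed `n"
    return
}
$GroupLog = Join-Path $LogDir "$EmployeeID.txt"

# Check for Account in AD.
# The filter is single-quoted on purpose: the AD module resolves $EmployeeID as
# a value, so the typed input is never spliced into the filter text.
# Only the properties used later are requested instead of -Properties *.
try {
    $MyUsers = @(Get-ADUser -Filter 'EmployeeID -eq $EmployeeID' `
            -Properties GivenName, Surname, Office, HomeDirectory -ErrorAction Stop)
}
catch {
    Write-Warning "AD lookup failed: $($_.Exception.Message)"
    return
}

# Check for Duplicate EmployeeID's
# 'return' is used instead of 'Break': outside a loop, Break can also terminate
# a loop in whatever script called this one.
if ($MyUsers.Count -gt 1) {
    Write-Host "Multiple Accounts Found - Program Closed"
    return
}

# Check to See if Account is Found
if ($MyUsers.Count -eq 0) {
    Write-Host "No Account Found - Program Closed `n"
    return
}

$MyUser = $MyUsers[0]
$UserId = $MyUser.ObjectGUID

Write-Host "First Name: $($MyUser.GivenName)"
Write-Host "Last Name: $($MyUser.Surname)"
Write-Host "Office: $($MyUser.Office) `n"

# After User Reviews Output : Option to Terminate User Account
$Decision = Read-Host "Terminate User Press 1"

if ($Decision -eq 1) {
    Write-Host "Terminating User Account......."

    try {
        # Make sure the log folder exists before anything is written to it.
        if (-not (Test-Path -LiteralPath $LogDir)) {
            New-Item -ItemType Directory -Path $LogDir -ErrorAction Stop | Out-Null
        }

        #-- Disable AD Account (first, so a later failure cannot leave it enabled)
        Disable-ADAccount -Identity $UserId -ErrorAction Stop

        #-- Update Description Field and Set Manager and Phone to NULL
        $MyDateInfo = Get-Date -Format yyyy-MM-dd
        $DescriptionUpdate = "Termed $MyDateInfo - $EmployeeID"
        Set-ADUser -Identity $UserId -Description $DescriptionUpdate `
            -Manager $null -OfficePhone $null -ErrorAction Stop

        #-- Export List of AD Groups
        # Export User Name to File
        $MyADUSer = $MyUser.SamAccountName
        $MyADUSer | Out-File -LiteralPath $GroupLog -Append

        # Get ADGroup Not Equal to Domain Users
        $MyADGroups = @(Get-ADPrincipalGroupMembership -Identity $UserId -ErrorAction Stop |
                Where-Object { $_.Name -ne "Domain Users" })

        # Export ADGroups to Same File (written before removal, so the record
        # exists even if a removal fails)
        $MyADGroups | Select-Object -ExpandProperty Name |
            Out-File -LiteralPath $GroupLog -Append

        #-- Remove Groups from User Account
        # Groups are addressed by DistinguishedName: a group's Name is not
        # guaranteed to be a valid -Identity value.
        $FailedGroups = @()
        foreach ($MyGroup in $MyADGroups) {
            try {
                Remove-ADGroupMember -Identity $MyGroup.DistinguishedName `
                    -Members $MyADUSer -Confirm:$False -ErrorAction Stop
            }
            catch {
                $FailedGroups += $MyGroup.Name
                Write-Warning "Could not remove from group '$($MyGroup.Name)': $($_.Exception.Message)"
            }
        }

        # Only claim success in the log when every removal succeeded.
        if ($FailedGroups.Count -eq 0) {
            "AD Groups Removed" | Out-File -LiteralPath $GroupLog -Append
        }
        else {
            "AD Group Removal FAILED for: $($FailedGroups -join ', ')" |
                Out-File -LiteralPath $GroupLog -Append
        }

        #-- Create & Format Date - Append to Name Field Because of Duplicates
        $DateAdd = Get-Date -Format "MMddyyyyHHmmss"
        $NewADName = "$($MyUser.Name) - $DateAdd"
        Rename-ADObject -Identity $UserId -NewName $NewADName -ErrorAction Stop

        #-- Move User Account to Inactive Users OU
        Move-ADObject -Identity $UserId `
            -TargetPath 'OU=InactiveAccounts,OU=Accounts,DC=YourDomain,DC=net' -ErrorAction Stop

        #-- Export Home Directory
        $NDrive = $MyUser.HomeDirectory
        $NDrive | Out-File -LiteralPath $ProfileLog -Append
    }
    catch {
        # Stop at the first failed step and say so, rather than reporting
        # "Process Complete" for a partially processed account.
        Write-Warning "Termination did not complete: $($_.Exception.Message)"
        return
    }

    Write-Host "Process Complete - Program Closed..."
}
else {
    Write-Host "Account NOT Terminated - Program Closed `n"
}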