Powershell to formally disable user accounts who have left Orginization

When user leaves orginization administrators make sure that account is disabled and its marked for deletion. Delection can happen once in 15 days or 1 month.  We may need to perform series of steps for disabling the account

eg. Disable Account, Move Object to Disabled Account OU, Hiding from GAL, removing Group members, 0 ing send and receive limits.

Below powershell script helps to perform the same.  It uses both Exchange commands and Quest Active roles command lets. We need to add the snapin to execute the code.

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin
Add-PSSnapin Quest.ActiveRoles.ADManagement
$AName = Read-Host “Enter User Alias name for Disable”
$AName | out-file -filePath E:\users.txt
foreach ($user in (get-content E:\users.txt)){(get-qaduser $user).memberof | Get-QADGroup | where {$_.name -ne “domain users”} | Remove-QADGroupMember -member $user}
Move-QADObject $user -NewParentContainer “domain.com/Disabled Accounts”
Disable-QADUser $user
Set-Mailbox $user  -HiddenFromAddressListsEnabled $true -UseDatabaseQuotaDefaults:$False -issuewarningQuota 0MB -ProhibitSendQuota 0MB -ProhibitSendReceive 0MB


Below location has copy of the code


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s