最近公司離職人員有的頻繁,所以寫了powershell來進行半自動化執行。後期空了再優化下,powershell定時讀數據庫字段,自動執行
廢話不多說了,看代碼,註釋是英文我就不改了
##########################
# Author:rp722
#
#
##########################
#$user is the user login ID xxx
$user="xxx"
#backup user's gourp name to txt file
Get-ADPrincipalGroupMembership $user | Select-Object Name >C:\Script\$user.txt
#get user's groups DN name
$groups=(get-aduser $user -properties memberof).memberof
#remove user from each group
foreach($gp in $groups)
{
remove-adgroupmember -Identity $gp -Members $user -Confirm:$false
}
#set user Description
get-aduser $user|set-aduser -Description "User has left company"
#Move user
get-aduser -Identity $user|Move-ADObject -TargetPath "OU=Disabled,OU=Common,DC=domain,DC=net"
#Disable user
get-aduser -Identity $user|Disable-ADAccount