[PowerShell] Decommission user on AD with PowerShell

The following script does the following:

1. Prompts you to input the username to be decommissioned

2. Removes the user from all groups (except Domain Users), writing a backup of the groups to a CSV

3. Moves the user to OU=Decommission,OU=USER,DC=company,DC=local

4. Sets Description to “Left on $date”, where $date is the current date

5. Disables the account


Import-Module ActiveDirectory

$date = Get-Date -Format dd/MM/yyyy
$user = Read-Host 'Please enter Username'

# Back up the user's current group memberships to <username>.csv
Get-ADPrincipalGroupMembership -Identity $user | Get-ADGroup -Properties Description | Select-Object Name, Description, GroupCategory | Export-Csv "$user.csv" -NoTypeInformation

# Removes user from all AD groups except Domain Users.
$ADgroups = Get-ADPrincipalGroupMembership -Identity $user | Where-Object { $_.Name -ne "Domain Users" }
if ($ADgroups) {
    Remove-ADPrincipalGroupMembership -Identity $user -MemberOf $ADgroups -Confirm:$false
}

# Move the account to the decommission OU, stamp the leaving date, and disable it
Get-ADUser $user | Move-ADObject -TargetPath 'OU=Decommission,OU=USER,DC=company,DC=local'
Set-ADUser $user -Description "Left on $date"
Disable-ADAccount -Identity $user
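
As an added example (not part of the original post), the following check audits the decommission OU for accounts that the steps above left incomplete: still enabled, still in groups, or without the "Left on" description. The function name Get-DecommissionFinding, the output file name and the sample object are assumptions made for illustration.

```powershell
# Added example: report accounts in the decommission OU that were not fully processed.
# OU path taken from the script above; adjust it to your own domain.
$DecomOU = 'OU=Decommission,OU=USER,DC=company,DC=local'

function Get-DecommissionFinding {
    # Pure check on one user object, so it can be exercised without a domain controller.
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User
    )
    process {
        $issues = @()
        if ($User.Enabled) { $issues += 'account still enabled' }
        if ($User.Description -notlike 'Left on *') { $issues += 'description not stamped' }
        # memberOf never lists the primary group (Domain Users), so any entry is a leftover.
        $left = @($User.MemberOf | Where-Object { $_ })
        if ($left.Count -gt 0) { $issues += "still member of $($left.Count) group(s)" }
        if ($issues.Count -gt 0) {
            [pscustomobject]@{
                SamAccountName = $User.SamAccountName
                Issues         = $issues -join '; '
                Groups         = $left -join ' | '
            }
        }
    }
}

# Constructed sample object (not real data) showing the shape of a finding offline.
[pscustomobject]@{
    SamAccountName = 'jdoe'
    Enabled        = $true
    Description    = $null
    MemberOf       = @('CN=VPN Users,OU=Groups,DC=company,DC=local')
} | Get-DecommissionFinding

# Against a real domain: requires the ActiveDirectory module and read access.
Import-Module ActiveDirectory
Get-ADUser -SearchBase $DecomOU -Filter * -Properties Description, MemberOf |
    Get-DecommissionFinding |
    Export-Csv 'decommission-audit.csv' -NoTypeInformation
```

An empty audit file means every account in the OU is disabled, stamped, and left only with its primary group.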
