Automate Leavers in Active Directory (AD)

The PowerShell script below removes and replaces attributes for a user (in this case a leaver), disables the account, and moves it to a specific Organisational Unit (OU).

# Load the Quest AD cmdlets and the Microsoft ActiveDirectory module (needed for Set-ADUser)
Add-PSSnapin Quest.ActiveRoles.ADManagement
Import-Module ActiveDirectory

# Variables
$User = Read-Host 'Enter Username to be disabled'

$DisabledOU = "specialistech.com/Disabled Accounts/Users"

# Disable the User Account
Disable-QADUser $User

# Move Account to "Disabled" OU
Move-QADObject $User -NewParentContainer $DisabledOU

# Clear AD Properties - List of attributes to wipe
Set-ADUser $User -manager $null
Set-ADUser $User -department $null
Set-ADUser $User -mobile $null
Set-ADUser $User -description $null
Set-ADUser $User -company $null
Set-ADUser $User -Clear ipPhone
Set-ADUser $User -office $null
Set-ADUser $User -Clear telephoneNumber
Set-ADUser $User -description 'Disabled 01-01-18'

# Clear Groups Membership
Get-QADMemberOf $User | Select Name, Type | Export-Csv "MemberOf.csv" -NoTypeInformation
Remove-QADMemberOf $User -RemoveAll
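
A read-only check to run after the script above, confirming that the account is disabled, sits under the Disabled OU, has the listed attributes wiped and has no group memberships left. This is an added example, not part of the original script; it assumes the Microsoft ActiveDirectory module is installed, and Test-LeaverOffboarded is a hypothetical function name.

```powershell
# Added example: verifies the end state the leaver script is meant to produce.
# It only reads from AD. Test-LeaverOffboarded is a hypothetical helper name.
Import-Module ActiveDirectory

function Test-LeaverOffboarded {
    param(
        [Parameter(Mandatory = $true)] [string] $User,
        # Same canonical path the leaver script moves accounts to
        [string] $DisabledOU = 'specialistech.com/Disabled Accounts/Users'
    )

    # LDAP attribute names behind the properties the script wipes
    $wiped = @('manager', 'department', 'mobile', 'company', 'ipPhone',
               'physicalDeliveryOfficeName', 'telephoneNumber')
    $props = $wiped + @('description', 'memberOf', 'canonicalName')

    $account  = Get-ADUser -Identity $User -Properties $props
    $findings = @()

    if ($account.Enabled) {
        $findings += 'Account is still enabled'
    }

    # canonicalName looks like "<domain>/<container path>/<object name>"
    $expectedPrefix = "$DisabledOU/"
    if (-not $account.CanonicalName.StartsWith($expectedPrefix, [StringComparison]::OrdinalIgnoreCase)) {
        $findings += "Account is outside $DisabledOU (found $($account.CanonicalName))"
    }

    foreach ($name in $wiped) {
        if ($account.$name) { $findings += "Attribute '$name' is still set" }
    }

    # The script finishes by stamping the description with a 'Disabled <date>' marker
    if ($account.Description -notlike 'Disabled*') {
        $findings += 'Description does not carry the Disabled marker'
    }

    # memberOf never lists the primary group (usually Domain Users), so 0 is the target
    $groups = @($account.MemberOf | Where-Object { $_ })
    if ($groups.Count -gt 0) {
        $findings += "Still a member of $($groups.Count) group(s): $($groups -join '; ')"
    }

    [pscustomobject]@{
        User      = $account.SamAccountName
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}
```

Call it as `Test-LeaverOffboarded -User <username>`; an empty Findings list means every step of the leaver script took effect.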
