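function Disable-AlkamiDomainAccounts {
    <#
    .SYNOPSIS
        Disables Active Directory accounts and moves them to the disabled accounts OU.

    .DESCRIPTION
        Disables Active Directory accounts and moves them to the disabled accounts OU.
        Accounts can be standard accounts or service accounts.

        Each account is looked up first; names that do not resolve are reported with a
        warning and skipped. Supports -WhatIf and -Confirm so a batch can be previewed
        before any directory object is changed.

    .PARAMETER Accounts
        [string[]] An array of user SAMAccountNames to act upon

    .PARAMETER DisabledAccountOU
        [string] The OU name for disabled accounts. Defaults to "Disabled Accounts"

    .PARAMETER DomainName
        [string] The domain name to act upon. Defaults to "fh.local"

    .EXAMPLE
        Disable-AlkamiDomainAccounts @("fakeuser1", "fakeuser2")

    .EXAMPLE
        Disable-AlkamiDomainAccounts @("fakeuser1", "fakeuser2") -DisabledAccountOU "Trash Can" -DomainName "corp.alkamitech.com"

    .EXAMPLE
        Disable-AlkamiDomainAccounts @("fakeuser1", "fakeuser2") -WhatIf

    .NOTES
        Disabling an account blocks new logons. Sessions and Kerberos tickets issued
        before the change can stay usable until they expire, so when this is run as
        part of incident response, also end the account's existing sessions.
    #>
    [CmdletBinding(SupportsShouldProcess = $true)]
    param (
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string[]]$Accounts,

        [Parameter(Mandatory = $false)]
        [string]$DisabledAccountOU = "Disabled Accounts",

        [Parameter(Mandatory = $false)]
        [string]$DomainName = "fh.local"
    )

    $logLead = Get-LogLeadName

    # Early exit with a readable message for callers without the needed rights.
    # NOTE(review): Test-IsUserDomainAdmin is defined elsewhere; treat it as a
    # usability pre-check and confirm the directory's own ACLs are what is
    # relied on to enforce who may disable and move accounts.
    if (!(Test-IsUserDomainAdmin)) {
        Write-Warning "$logLead : You must have domain administrative privileges to run this command"
        return $null
    }

    foreach ($account in $Accounts) {
        Write-Host "$logLead : Processing account [$account]"
        $curAccount = Get-ActiveDirectoryAccount -Identity $account

        if ($null -eq $curAccount) {
            Write-Warning "$logLead : Account named [$account] not found; skipping."
            continue
        }

        # Gate both state changes behind one ShouldProcess call so -WhatIf/-Confirm
        # never leaves an account disabled but not moved (or the reverse).
        $action = "Disable account and move it to OU [$DisabledAccountOU] in [$DomainName]"
        if (-not $PSCmdlet.ShouldProcess($curAccount.DistinguishedName, $action)) {
            continue
        }

        # Disable the account
        Disable-ActiveDirectoryAccount -Account $curAccount

        # Move the account to the disabled account OU
        Move-AccountToDisabledOU -AccountDistinguishedName $curAccount.DistinguishedName -DisabledAccountOU $DisabledAccountOU -DomainName $DomainName
    }
}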