ps/Modules/Alkami.DevOps.SystemEngineering/Public/Disable-AlkamiDomainAccounts.ps1

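function Disable-AlkamiDomainAccounts {
    <#
    .SYNOPSIS
        Disables Active Directory accounts and moves them to the disabled accounts OU
    .DESCRIPTION
        Disables Active Directory accounts and moves them to the disabled accounts OU. Accounts can be
        standard accounts or service accounts.

        The caller must pass the Test-IsUserDomainAdmin check; otherwise a warning is written and no
        account is touched. Accounts that cannot be found are skipped with a warning and processing
        continues with the next name.

        Supports -WhatIf and -Confirm so a bulk run can be previewed before any account is changed.
    .PARAMETER Accounts
        [string[]] An array of user SAMAccountNames to act upon
    .PARAMETER DisabledAccountOU
        [string] The OU name for disabled accounts. Defaults to "Disabled Accounts"
    .PARAMETER DomainName
        [string] The domain name to act upon. Defaults to "fh.local"
    .EXAMPLE
        Disable-AlkamiDomainAccounts @("fakeuser1", "fakeuser2")
    .EXAMPLE
        Disable-AlkamiDomainAccounts @("fakeuser1", "fakeuser2") -DisabledAccountOU "Trash Can" -DomainName "corp.alkamitech.com"
    .EXAMPLE
        Disable-AlkamiDomainAccounts @("fakeuser1", "fakeuser2") -WhatIf

        Lists the accounts that would be disabled and moved without changing anything.
    #>
    [CmdletBinding(SupportsShouldProcess = $true)]
    param (
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string[]]$Accounts,

        [Parameter(Mandatory = $false)]
        [string]$DisabledAccountOU = "Disabled Accounts",

        [Parameter(Mandatory = $false)]
        [string]$DomainName = "fh.local"
    )

    $logLead = Get-LogLeadName

    # Early exit for callers without domain admin rights. This is a convenience gate only;
    # NOTE(review): the directory's own ACLs are presumably what actually enforces the permission.
    if (!(Test-IsUserDomainAdmin)) {
        Write-Warning "$logLead : You must have domain administrative privileges to run this command"
        return $null
    }

    foreach ($account in $Accounts) {
        Write-Host "$logLead : Processing account [$account]"

        # Resolve the SAMAccountName first so a typo or stale name is reported, not acted on.
        $curAccount = Get-ActiveDirectoryAccount -Identity $account
        if ($null -eq $curAccount) {
            Write-Warning "$logLead : Account named [$account] not found; skipping."
            continue
        }

        # Honour -WhatIf / -Confirm before making any change to this account.
        if (-not $PSCmdlet.ShouldProcess($account, "Disable account and move it to OU [$DisabledAccountOU] in domain [$DomainName]")) {
            continue
        }

        # Disable the account before moving it.
        # NOTE(review): the result of the disable is not checked here; if the helper reports a
        # non-terminating error, the move below still runs - confirm the helper's error behaviour.
        Disable-ActiveDirectoryAccount -Account $curAccount

        # Move the account to the disabled account OU
        Move-AccountToDisabledOU -AccountDistinguishedName $curAccount.DistinguishedName -DisabledAccountOU $DisabledAccountOU -DomainName $DomainName
    }
}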